Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
In the course of a security audit, an IT auditor discovers that there is no formal documentation for security procedures. The IT auditor should:
Create the procedures document.
Identify and evaluate existing practices.
Terminate the audit.
Conduct compliance testing.
One of the main objectives of an audit is to identify potential risk; therefore, the most proactive approach would be to identify and evaluate the existing security practices being followed by the organization. IS auditors should not prepare documentation since doing so could jeopardize their independence. Terminating the audit may prevent achieving one of the basic audit objectives, i.e., identification of potential risk. Since there are no documented procedures, there is no basis against which to test compliance.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.