During a follow-up audit, an IS auditor learns the organization implemented an automated process instead of the originally agreed upon enhancement of the manual process.
The auditor should:
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The correct answer in this scenario is option C, verify that the new process satisfies control objectives.
Explanation:
During a follow-up audit, the IS auditor has learned that the organization has implemented an automated process instead of the originally agreed upon enhancement of the manual process. In this situation, the auditor needs to assess the new automated process to ensure that it meets the control objectives that were initially agreed upon.
Option A, reporting the finding that recommendations were not acted upon, may not be appropriate in this situation as the organization has implemented a new process. The auditor needs to verify whether the new process satisfies the control objectives.
Option B, performing a cost-benefit analysis on the new process, may not be relevant to the situation described in the question as the auditor's primary focus is on ensuring that the new process satisfies control objectives.
Option D, reporting the recommendation as implemented, may not be the best option as it does not take into account the fact that the organization has implemented a different process than the one that was initially agreed upon. The auditor must assess whether the new process meets the control objectives to determine whether it is a suitable replacement for the originally proposed enhancement.
In summary, the IS auditor should verify that the new process satisfies control objectives to determine whether it is an appropriate replacement for the originally proposed enhancement.