CISA Exam: Auditor's Next Action

Question

An IS auditor is assigned to review the IS department's quality procedures.

Upon contacting the IS manager, the auditor finds that there is an informal unwritten set of standards.

Which of the following should be the auditor's NEXT action?

Answers

Explanations

A. B. C. D.

D.

The correct answer is B. Make recommendations to IS management as to appropriate quality standards.

Explanation:

The auditor has identified that the IS department has an informal and unwritten set of quality standards. As an auditor, it is important to ensure that the organization is following appropriate and documented quality procedures to minimize the risk of errors, fraud, and non-compliance with regulations.

Therefore, the auditor should not simply finalize the audit and report the finding (option A) because there is an identified gap that needs to be addressed. Postponing the audit until IS management implements written standards (option C) is also not the best course of action since it could delay the implementation of necessary improvements.

Documenting and testing compliance with the informal standards (option D) would be a possible action, but it would not address the lack of formal quality procedures. The auditor's role is to provide recommendations for improvement, rather than just test compliance.

Therefore, the best course of action is to make recommendations to IS management as to appropriate quality standards (option B). The auditor can provide guidance on industry best practices or established standards such as ISO 9001 or ITIL, which the organization can adopt and document in its procedures. This will help ensure that the quality procedures are consistent and are followed across the organization.