An IS auditor concludes that a local area network's (LAN's) access security is satisfactory.
In reviewing the work, the audit manager should:
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Option B is the most appropriate answer in this scenario, as the audit manager should verify whether the elements of an agreed-upon audit plan have been addressed to ensure that the audit was conducted in accordance with the established plan. This will help ensure that the audit was performed with appropriate scope, methodology, and objectives.
Option A may not be necessary unless there is a specific reason to doubt the quality of the work performed by the IS auditor, such as a potential conflict of interest or lack of expertise. In such cases, the audit manager may need to re-perform some steps of the audit to ensure its integrity and accuracy.
Option C is not directly relevant to the audit manager's review of the IS auditor's work, as user management's agreement with the findings is not essential to the audit's completion. However, it is essential to communicate the audit results to the relevant stakeholders and obtain their feedback and response.
Option D is also not directly relevant to the audit manager's review of the IS auditor's work unless there is a specific concern about the auditor's skills or expertise. The audit manager should assume that the auditor has the appropriate skills and experience unless there is evidence to the contrary.
In summary, the audit manager should verify whether the elements of an agreed-upon audit plan have been addressed to ensure that the audit was conducted in accordance with the established plan. The audit manager should also communicate the audit results to the relevant stakeholders and obtain their feedback and response. Re-performing some steps of the audit or assessing the auditor's skills may not be necessary unless there is evidence of a specific concern.