What is an IS auditor's BEST course of action when provided with a status update indicating audit recommendations related to segregation of duties for financial staff have been implemented?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The correct answer is D. Confirm with the business that the recommendations are implemented.
Explanation: Segregation of duties is a critical control in financial systems that helps to prevent errors, fraud, and abuse. As an IS auditor, it is essential to ensure that recommendations related to segregation of duties have been implemented effectively. Once you receive a status update indicating that the audit recommendations have been implemented, the best course of action is to confirm with the business that the recommendations are indeed implemented.
Option A, Verify sufficient segregation of duties controls are in place, is not the best course of action because it assumes that there may be insufficient controls in place, which may not be the case if the status update confirms that the audit recommendations have been implemented.
Option B, Request documentation of the segregation of duties policy and procedures, may not be necessary as the status update already indicates that the audit recommendations have been implemented. It is important to focus on confirming that the implementation has been done and is effective.
Option C, Note the department's response in the audit workpapers and records, is not the best course of action as it does not provide assurance that the recommendations have been implemented. Instead, the focus should be on confirming that the implementation has been completed.
Option D, Confirm with the business that the recommendations are implemented, is the best course of action as it provides assurance that the implementation has been done, and the segregation of duties controls are effective. The auditor should engage with the business stakeholders and request evidence or demonstrations that the recommendations have been implemented, and the controls are in place and functioning correctly. This can be done through discussions, walkthroughs, observations, or other appropriate means.
Therefore, the best course of action for an IS auditor when provided with a status update indicating audit recommendations related to segregation of duties for financial staff have been implemented is to confirm with the business that the recommendations are implemented.