What should an IS auditor do next?
In the course of performing a risk analysis, an IS auditor has identified threats and potential impacts.
A. Identify and assess the risk assessment process used by management. B. Identify information assets and the underlying systems. C. Disclose the threats and impacts to management. D. Identify and evaluate the existing controls.
It is important for an IS auditor to identify and evaluate the existing controls and security once the potential threats and possible impacts are identified. Upon completion of an audit an IS auditor should describe and discuss with management the threats and potential impacts on the assets.