CISA Question #474: Real Exam Question with Answer & Explanation

Sign in or unlock CISA to reveal the answer and full explanation for question #474. The question stem and answer options stay visible for context.

Submitted by takeshi77· Apr 18, 2026Information System Auditing Process

Question

An IS auditor discovers there are no documented security procedures. What should be the NEXT step?

Options

AIdentify and evaluate the current security practices implemented by the organization.
BIdentify compensating controls for the lack of documentation.
CAssist information security management with preparing security procedures.
DReview security incident logs and related metrics.

Unlock CISA to see the answer

You've previewed enough free CISA questions. Unlock CISA for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CISA - $49.99 / 30 days Sign in

Topics

#Audit methodology#Security documentation#Control evaluation#Audit findings

Full CISA Practice Browse All CISA Questions