Certified Information Systems Auditor 2025 – 400 Free Practice Questions to Pass the Exam

When a major control deficiency is identified in change management software during an audit, including the deficiency in the final report while continuing to test the accounting application controls is the most appropriate course of action. This approach allows the auditor to maintain the integrity of the audit process by not abandoning the overall objectives and scope of the audit.

Documenting the deficiency in the final report ensures that the findings are communicated to relevant stakeholders for further action. This is crucial because it enables management to understand the risks associated with the identified control gap and gives them the opportunity to implement corrective measures in a structured manner. Furthermore, continuing the testing of application controls allows the auditor to gather additional information and insights, potentially highlighting if the deficiency affects other areas and how it interacts with the overall internal control environment.

Addressing the deficiency in the final report rather than halting the audit can provide a comprehensive view of control effectiveness and help facilitate a more informed decision-making process by management. It also preserves the continuity and efficacy of the audit process, ensuring that all areas are adequately assessed before concluding the audit.

In contrast, immediate reporting to upper management or redesigning the control system as a corrective measure may disrupt the audit process and overlook the needed assessment of ongoing risks, while halting the audit can