Responsibility and reporting lines cannot always be established when auditing automated systems since:
During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely:
The reason a certification and accreditation process is performed on critical systems is to ensure that:
While reviewing the data migration activity, the MOST important concern for the IS auditor is to determine that there is a:
From a risk management point of view, the BEST approach when implementing a large and complex IT infrastructure is: