While reviewing sensitive electronic work papers, the IS auditor noticed that they were not
encrypted. This could compromise the:
audit trail of the versioning of the work papers.
approval of the audit phases.
access rights to the work papers.
confidentiality of the work papers.
Encryption provides confidentiality for the electronic work papers. Audit trails, audit phase
approvals and access to the work papers do not, of themselves, affect the confidentiality but are
part of the reason for requiring encryption.