An IS auditor is performing an audit of a remotely managed server backup. The IS auditor reviews
the logs for one day and finds one case where logging on a server has failed with the result that
backup restarts cannot be confirmed. What should the auditor do?
Issue an audit finding
Seek an explanation from IS management
Review the classifications of data held on the server
Expand the sample of logs reviewed
Audit standards require that an IS auditor gather sufficient and appropriate audit evidence. The
auditor has found a potential problem and now needs to determine if this is an isolated incident or
a systematic control failure. At this stage it is too preliminary to issue an audit finding and seeking
an explanation from management is advisable, but it would be better to gather additional evidence
to properly evaluate the seriousness of the situation. A backup failure, which has not been
established at this point, will be serious if it involves critical datA. However, the issue is not the
importance of the data on the server, where a problem has been detected, but whether a systematic
control failure that impacts other servers exists.