Certified Information Systems Auditor Practice Exam 2025 – All-in-One Guide to Master Your CISA Certification!

Question: 1 / 400

What should an IS auditor do upon discovering shared user accounts?

Immediately disable the accounts

Document the findings and explain the risk of using shared IDs

The most appropriate action for an IS auditor upon discovering shared user accounts is to document the findings and explain the risk of using shared IDs. Shared user accounts can lead to several security issues, including compromised accountability and traceability of actions taken within the system. When multiple users share a single account, it becomes difficult to track who performed specific actions, making it challenging to hold individuals accountable for their activities.

By documenting the findings, the auditor creates a record of the issue, which is essential for future reference and for informing stakeholders about the risks associated with such practices. Additionally, explaining the risks highlights the importance of maintaining individual user accounts for each user, which enhances security and compliance with best practices. This approach allows for an educational component, making users aware of potential security threats, and encourages adherence to proper access control measures.

While other responses, such as disabling accounts or informing users of best practices, may seem proactive, they may not address the underlying issues or involve the necessary documentation of the audit findings. Initiating a full audit of user accounts could be excessive at this stage, particularly if the primary concern is the shared accounts. By focusing on documentation and education first, the auditor can take measured steps to improve the organization's security posture regarding user account management.

Inform the users about best practices

Initiate a full audit of user accounts
