In a high-risk situation during a risk-based IS audit, what is the IS auditor likely to perform more of?

In a high-risk situation during a risk-based IS audit, the IS auditor is likely to perform more substantive testing. Substantive testing involves the evaluation of the actual transactions and balances to determine whether they comply with the established criteria, policies, and controls. In high-risk scenarios, the auditor needs to gather sufficient evidence to support their conclusions about the risk and the effectiveness of controls in place. By increasing substantive testing, the auditor aims to identify any material misstatements or deficiencies within the financial data or operational processes.

This approach is vital in high-risk contexts because such environments typically harbor greater uncertainty and potential for errors. As a result, relying on substantive testing helps to ensure that audits do not miss significant issues that could impact the integrity and reliability of the information systems being audited.