What action should an IS auditor take upon discovering unauthorized software on multiple PCs?

Study for the CISA Domain 1 Exam. Get ready with flashcards, multiple-choice questions, hints, and explanations. Prepare thoroughly for your audit and assurance certification!

The appropriate response when an IS auditor discovers unauthorized software on multiple PCs is to report the use of the unauthorized software and communicate the need to prevent its recurrence. This action is critical for several reasons.

First, reporting the discovery ensures that the issue is formally documented and brought to the attention of management or the relevant stakeholders. This not only highlights potential legal and financial risks associated with unauthorized software use, such as license violations and possible penalties, but also underscores the need to assess the overall compliance posture of the organization.

Moreover, emphasizing the need to prevent recurrence advances the organization's strategy toward long-term compliance. It opens the door for a discussion on establishing clearer policies and controls regarding software installation and usage, which can include conducting audits, creating awareness campaigns, and implementing stricter access controls.

Taking this action aligns with an auditor's responsibility to ensure that the organization adheres to regulatory standards and best practices while fostering a culture of accountability and responsibility regarding software management. By focusing on prevention, the organization can minimize the risks associated with unauthorized software, which can lead to security vulnerabilities, operational inefficiencies, and loss of trust.

While other options might seem helpful, they do not address the comprehensive need for oversight and management engagement required to rectify the situation and prevent future occurrences effectively.
