Certified Information Systems Auditor Practice Exam

When an IS auditor discovers undocumented devices on the network, evaluating the impact on audit scope is the most appropriate action. This step is crucial because undocumented devices can present significant risks to the organization's security posture and overall governance. By assessing how these devices affect the audit's scope, the auditor can determine whether additional procedures or controls need to be examined, ensuring that the audit accurately reflects the current state of the environment and potential vulnerabilities.

Understanding the implications of these undocumented devices allows the auditor to adjust the focus of the audit as necessary, potentially expanding it to include areas of risk that were initially not considered. This assessment may lead to a more comprehensive evaluation of the organization’s security practices and risk management strategies, aligning the audit with the organization's objectives.

The other options, while they might seem practical at first glance, do not directly address the need to understand the broader implications of the discovery within the context of the audit. Removing devices immediately could disrupt operations and does not resolve the underlying issue of why those devices are present. Requesting detailed logs without first evaluating the situation may lead to unnecessary effort without clarity on why the devices were undocumented. Assuming the devices are not significant overlooks the potential risks they pose and could result in a failure to identify critical security gaps.