$**$Case Study: Auditor's Responsibility for Cybersecurity Risks$**$

$*$Background:$*$

ABC Corporation is a medium$-$sized manufacturing company that specializes in producing automotive parts. With the increasing digitization of their operations, ABC Corporation has become reliant on various digital systems and technologies to streamline their processes and improve efficiency. However, along with these advancements comes the heightened risk of cybersecurity threats.

$*$Situation:$*$

As the external auditor for ABC Corporation, your firm is responsible for evaluating the company's financial statements and ensuring compliance with relevant regulations. Given the growing prevalence of cyberattacks and data breaches, cybersecurity risks have become a significant concern for both the company and its stakeholders.

$*$Audit Procedures:$*$

$1.**$Understanding the IT Environment:$**$ The audit team conducts a thorough assessment of ABC Corporation's IT infrastructure, including network systems, servers, databases, and applications. This involves reviewing documentation, interviewing IT personnel, and assessing the effectiveness of internal controls related to cybersecurity.

$2.**$Assessing Cybersecurity Policies and Procedures:$**$ The auditors review ABC Corporation's cybersecurity policies and procedures to determine their adequacy in mitigating risks. They evaluate the company's approach to data protection, access controls, encryption, incident response, and disaster recovery.

$3.**$Testing Controls:$**$ A key aspect of the audit involves testing the effectiveness of controls designed to prevent and detect cybersecurity threats. This includes conducting penetration testing, vulnerability assessments, and reviewing system logs for any suspicious activities.

$4.**$Reviewing Incident Response Plan:$**$ The audit team assesses ABC Corporation's incident response plan to ensure that it outlines clear procedures for identifying, containing, and mitigating cybersecurity incidents. They evaluate the company's readiness to respond to various types of cyber threats, such as malware infections, data breaches, and ransomware attacks.

$5.**$Evaluating Third$-$Party Risk Management:$**$ ABC Corporation relies on various third$-$party vendors and service providers for IT solutions and support. The auditors assess the company's vendor management practices to ensure that third$-$party relationships are properly evaluated and monitored for cybersecurity risks.

$*$Objective Question:$*$

Based on the case study provided, what is one of the key audit procedures conducted by the auditor to assess cybersecurity risks at ABC Corporation?

A$)$ Reviewing financial statements

B$)$ Conducting penetration testing

C$)$ Assessing inventory management

D$)$ Interviewing customers

Choose the correct option and explain why it is the correct choice.