What things for an IS auditor should be aware of when evaluating the collective effect of preventive, detective or corrective controls within a process?

The auditor should be aware of the point wherein the data flow can be exercised throughout the system. If the auditor would not do this then the purpose will not be hit. It is not proper to do B because there are times when corrective controls are also considered to be important.

C is not the best option because corrective controls are meant to reduce the possibility of problems occurring. D is obviously the very first option that you should disregard because it has no relevance to what you are trying to do or what you are trying to find out. Remember that the function of the controls is considered to be more important than the classification of the controls.

A. of the point at which controls are exercised as data flow through the system.

An IS auditor should focus on when controls are exercised as data flow through a computer system. Choice B is incorrect since corrective controls may also be relevant. Choice C is incorrect since corrective controls remove or reduce the effects of errors or irregularities and are exclusively regarded as compensating controls. Choice D is incorrect and irrelevant since the existence and function of controls is important, not the classification.