Which of the following is NOT a recognized audit procedure?

The correct choice signifies that "Evidential synthesis" is not a recognized audit procedure within the context of ISO/IEC 27001 auditing practices. Audit procedures are structured methods that auditors use to gather and evaluate evidence to form an opinion about an organization's information security management system.

Evidential analysis involves examining the collected data to identify patterns, inconsistencies, or areas of concern regarding compliance or risk management. This procedure is crucial as it helps in understanding the data's implications on information security.

Evidential collection tools are practical instruments or methods used during the audit to gather necessary evidence systematically. These tools facilitate the efficient and effective gathering of data, which is essential for a comprehensive audit process.

Evidential documentation review entails scrutinizing existing records, reports, and previous audit findings to assess compliance with the established information security policies and controls. This step is vital for providing a benchmark and context for the current audit’s findings.

In contrast, "Evidential synthesis" does not represent a standalone process recognized in an auditing framework. While synthesizing data can occur during the analysis phase, it does not constitute a separate or defined audit procedure. Understanding these distinctions helps clarify the structured approach taken in ISO/IEC 27001 audits and highlights the importance of each