Which element is not typically included in a security audit?

The element that is not typically included in a security audit is a review of financial records. A security audit primarily focuses on assessing the effectiveness of an organization's security measures, such as physical security controls, technical safeguards, and operational procedures related to the protection of sensitive information and assets.

Evaluating existing security measures helps identify vulnerabilities and assess compliance with security policies and regulations. Documentation of security policies is crucial for ensuring all team members understand the security protocols in place, guiding proper security practices. Actionable recommendations for improvements are the outcome of a thorough audit process, aimed at enhancing the overall security posture of the organization.

While financial records are important for a business's operational integrity and might be reviewed in a financial audit or during certain investigations relating to security breaches, they do not directly pertain to the security auditing process itself, which is centered around safeguarding assets and information rather than financial accountability.