Certified Information Systems Auditor (CISA) — Question 1006

The PRIMARY objective of a control self-assessment (CSA) is to:

Answer options

• A. educate functional areas on risks and controls.
• B. ensure appropriate access controls are implemented.
• C. gain assurance for business functions that cannot be audited.
• D. eliminate the audit risk by leveraging management's analysis.

Correct answer: A

Explanation

The primary goal of a control self-assessment (CSA) is to educate functional areas about risks and controls, helping them to recognize and address their own vulnerabilities. The other options focus on specific aspects of control or risk management, but do not capture the overarching objective of awareness and education provided by a CSA.