Certified Information Systems Auditor (CISA) — Question 1008

Which of the following would BEST guide an IS auditor when determining an appropriate time to schedule the follow-up of agreed corrective actions for reported audit issues?

Answer options

• A. Business management has completed the implementation of agreed actions on schedule.
• B. Progress updates indicate that the implementation of agreed actions is on track.
• C. Sufficient time has elapsed since implementation to provide evidence of control operation.
• D. Regulators have announced a timeline for an inspection visit.

Correct answer: C

Explanation

The correct answer is C because it ensures that there has been adequate time to assess the effectiveness of the corrective actions implemented. Options A and B focus on completion and progress, which do not guarantee that the actions are functioning as intended. Option D relates to external timelines, which may not align with the auditor's need to evaluate control effectiveness.