Certified Information Systems Auditor (CISA) — Question 1043

During an audit of payment services of a branch based in a foreign country, a large global bank's audit team identifies an opportunity to use data analytics techniques to identify abnormal payments. Which of the following is the team's MOST important course of action?

Answer options

• A. Request the data from the branch as the team audit charter covers the country where it is based.
• B. Conduct a walk through of the analytical strategy with stakeholders of the audited branch to obtain their buy-in.
• C. Consult the legal department to understand the procedure for requesting data from a different jurisdiction.
• D. Agree on a data extraction and sharing strategy with the IT team of the audited branch.

Correct answer: C

Explanation

The correct answer is C because understanding the legal implications and procedures for data requests across jurisdictions is crucial to ensure compliance. Options A and B overlook the necessity of legal consultation, while option D, although important, should follow a clear understanding of legal protocols.