Certified Information Systems Auditor (CISA) — Question 1055
Which of the following should be done FIRST when auditing an IT portfolio management process at a large organization?
Answer options
- A. Conduct walk-through meetings with IT project managers.
- B. Calculate the IT portfolio return on investment (ROI).
- C. Verify whether the IT project portfolio is kept up to date.
- D. Confirm industry best practices for IT portfolio management are followed.
Correct answer: C
Explanation
The first step in auditing an IT portfolio management process is to verify whether the IT project portfolio is kept up to date. This ensures that all information is accurate and relevant before any further analysis or evaluation is performed. The other options, while important, should come after confirming the portfolio's current status.