Certified Information Systems Auditor (CISA) — Question 1069
During an audit of a data center with updated technology, the auditee indicates that environmental controls are the same as those used in the previous environment. The IS auditor should FIRST:
Answer options
- A. test selected controls.
- B. recommend changes to the maintenance schedule.
- C. determine whether the controls are active.
- D. review equipment specifications.
Correct answer: D
Explanation
The correct answer is D because reviewing equipment specifications helps the auditor understand whether the existing environmental controls are suitable for the updated technology. Options A and C are premature because they assume the controls are adequate without first confirming whether they match the new equipment's requirements. Option B may be necessary later, but understanding the specifications is fundamental before making any recommendations.