Certified Information Systems Auditor (CISA) — Question 1109

Which of the following is the MOST important area of focus for an IS auditor when developing a risk-based audit strategy?

Answer options

• A. Business processes
• B. Recent audit results
• C. Critical business applications
• D. Existing IT controls

Correct answer: A

Explanation

The most crucial focus for an IS auditor is Business processes, as they provide insight into how the organization operates and where risks may arise. While Recent audit results, Critical business applications, and Existing IT controls are important, they serve as supporting information rather than the primary focus for assessing risk.