Certified Information Systems Auditor (CISA) — Question 1156

The PRIMARY objective of a follow-up audit is to:

Answer options

• A. determine adequacy of actions taken on recommendations.
• B. evaluate whether the risk profile has changed.
• C. verify compliance with policies.
• D. assess the appropriateness of recommendations.

Correct answer: A

Explanation

The primary goal of a follow-up audit is to assess whether the actions taken in response to previous recommendations are sufficient, which is why option A is correct. Options B, C, and D focus on different aspects that are not the main aim of a follow-up audit, such as risk assessment, compliance verification, and recommendation evaluation.