Certified Information Systems Auditor (CISA) — Question 1159

Which of the following would be of GREATEST concern to an IS auditor reviewing an IT-related customer service project?

Answer options

• A. Alert both audit and operations management about the discrepancy.
• B. Ask the asset management staff where the devices are.
• C. The project risk exceeds the organization’s risk appetite.
• D. Ignore the invoices since they are not part of the follow-up.

Correct answer: C

Explanation

The correct answer, C, highlights a critical concern for an IS auditor, as projects that exceed the organization's risk appetite pose significant threats. Options A and B focus on communication and inquiries, which are less urgent than addressing risk, while D suggests ignoring important financial documents, which could lead to compliance issues.