Certified Information Systems Auditor (CISA) — Question 1172

Which of the following is the PRIMARY reason to involve IS auditors in the software acquisition process?

Answer options

• A. To help ensure hardware and operating system requirements are considered
• B. To help ensure proposed contracts and service level agreements (SLAs) address key elements
• C. To help ensure the project management process complies with policies and procedures
• D. To help ensure adequate controls to address common threats and risks are considered

Correct answer: D

Explanation

The correct answer is D because IS auditors play a crucial role in identifying and mitigating risks associated with software acquisitions. While options A, B, and C are important considerations, they do not directly address the need for adequate controls against threats and risks, which is the primary focus of involving IS auditors.