Certified Information Systems Auditor (CISA) — Question 118
An IS auditor has been asked to investigate critical business applications that have been producing suspicious results. Which of the following should be done FIRST?
Answer options
- A. Evaluate control design
- B. Evaluate incident management
- C. Review configuration management
- D. Review user access rights
Correct answer: B
Explanation
The correct answer is B: evaluating incident management is essential to understanding how current incidents are handled and to identifying any ongoing issues. Options A, C, and D are important but should come after assessing how incidents are managed, since they may provide context but do not address immediate concerns.