Certified Information Systems Auditor (CISA) — Question 1181

Which of the following would be of GREATEST concern to an IS auditor reviewing an IT-related customer service project?

Answer options

• A. The project risk exceeds the organization's risk appetite.
• B. Expected business value is expressed in qualitative terms.
• C. Executing the project will require additional investments.
• D. The organization will be the first to offer the proposed services.

Correct answer: A

Explanation

The greatest concern for an IS auditor is when the project risk surpasses the organization's risk appetite, as it indicates potential for significant negative impact. While qualitative business value, additional investment needs, and being a first mover are important considerations, they do not pose the same level of risk to the organization as exceeding risk appetite does.