Certified Information Systems Auditor (CISA) — Question 1194

Which of the following should be an IS auditor’s PRIMARY focus when auditing the implementation of a new IT operations performance monitoring system?

Answer options

• A. Validating whether baselines have been established
• B. Reviewing whether all changes have been implemented
• C. Determining whether there is a process for annual review of the maintenance manual
• D. Confirming whether multi-factor authentication (MFA) is deployed as part of the operational enhancements

Correct answer: A

Explanation

The primary focus of an IS auditor should be to validate whether baselines have been established, as this is crucial for measuring performance. The other options, while important, pertain to specific aspects of system implementation that are secondary to the establishment of baseline metrics necessary for effective monitoring.