Certified Information Systems Auditor (CISA) — Question 1214
An external IS auditor is reviewing the continuous monitoring system for a large bank and notes several potential issues. Which of the following would present the GREATEST concern regarding the reliability of the monitoring system?
Answer options
- A. The monitoring system was configured by IT.
- B. The system results are not regularly reviewed by management.
- C. The alert threshold is updated periodically.
- D. The measurement method is periodically varied.
Correct answer: B
Explanation
The correct answer is B because, if management does not regularly review the system results, issues can go undetected and accountability is reduced. Options A, C, and D are less concerning: IT configuration and periodic updates may carry risks, but they do not directly affect the oversight that management provides.