Certified Information Systems Auditor (CISA) — Question 1251

Which of the following is the BEST way for an IS auditor to assess the design of an automated application control?

Answer options

• A. Interview the application developer.
• B. Obtain management attestation and sign-off.
• C. Review system configuration parameters and output.
• D. Review the application implementation documents.

Correct answer: C

Explanation

The correct answer is C because reviewing system configuration parameters and output provides direct insight into how the automated application control is designed and functions in practice. Options A and D, while useful, rely on external perspectives rather than the actual system performance. Option B does not assess the design but rather seeks validation from management.