Certified Information Systems Auditor (CISA) — Question 1262

Which of the following BEST enables an IS auditor to determine the effectiveness of controls for an audit area?

Answer options

• A. Control self-assessment (CSA)
• B. Prior audit results
• C. Control implementation methods
• D. SWOT analysis

Correct answer: A

Explanation

Control self-assessment (CSA) allows auditors to engage in a systematic evaluation of control effectiveness by involving personnel who operate the controls. Prior audit results do not provide current insights into control efficacy, while control implementation methods focus on how controls are set up rather than their effectiveness. SWOT analysis, on the other hand, is a strategic planning tool that does not directly assess control effectiveness.