Certified Information Systems Auditor (CISA) — Question 1273

An IS auditor has been asked to audit the proposed acquisition of new computer hardware. The auditor's PRIMARY concern is that:

Answer options

• A. a clear business case has been established.
• B. the new hardware meets established security standards.
• C. a full, visible audit trail will be included.
• D. the implementation plan meets user requirements.

Correct answer: A

Explanation

The primary concern of the IS auditor is to ensure that a clear business case has been established, as this justifies the investment and aligns with organizational goals. While security standards, audit trails, and user requirements are important, they become secondary if the business rationale for acquisition is not clearly defined.