Certified Information Systems Auditor (CISA) — Question 1285

An IS auditor has found that a vendor has gone out of business and the escrow has an older version of the source code. What is the auditor's BEST recommendation for the organization?

Answer options

• A. Perform an analysis to determine the business risk.
• B. Develop a maintenance plan to support the application using the existing code.
• C. Bring the escrow version up to date.
• D. Analyze a new application that meets the current requirements.

Correct answer: A

Explanation

The best recommendation is to perform an analysis to determine the business risk, as it allows the organization to understand the implications of relying on outdated software. Developing a maintenance plan or updating the escrow version may not address the fundamental risk of the vendor being out of business. Analyzing a new application could be a viable option, but understanding the current risk is essential before making such a decision.