Certified Information Systems Auditor (CISA) — Question 1304

After the merger of two organizations, which of the following is the MOST important task for an IS auditor to perform?

Answer options

• A. Updating the continuity plan for critical resources
• B. Updating the security policy
• C. Verifying that access privileges have been reviewed
• D. Investigating access rights for expiration dates

Correct answer: C

Explanation

The correct answer is C because after a merger, it is vital to ensure that access privileges are appropriate and have been thoroughly reviewed to maintain security and compliance. Options A and B, while important, pertain to broader organizational strategies rather than immediate access control concerns. Option D focuses on expiration dates, which is a narrower issue compared to the overall review of access privileges.