Certified Information Systems Auditor (CISA) — Question 1306
Which of the following should an IS auditor do FIRST when assessing the level of compliance for an organization in the banking industry?
Answer options
- A. Review internal documentation to evaluate adherence to external requirements.
- B. Confirm there are procedures in place to ensure organizational agreements address legal requirements.
- C. Determine whether the organization has established benchmarks against industry peers for compliance.
- D. Identify industry-specific requirements that apply to the organization.
Correct answer: D
Explanation
The correct answer is D because identifying industry-specific requirements is crucial for understanding the compliance landscape before assessing adherence. Options A, B, and C are subsequent steps that depend on first knowing the relevant requirements that apply to the banking industry.