Certified Information Systems Auditor (CISA) — Question 1366

An IS auditor can BEST evaluate the business impact of system failures by:

Answer options

• A. assessing user satisfaction levels.
• B. analyzing equipment maintenance logs.
• C. reviewing system-generated logs.
• D. interviewing the security administrator.

Correct answer: C

Explanation

The correct answer is C, as reviewing system-generated logs provides direct insights into system performance and failures, allowing for a clear understanding of their impact. In contrast, assessing user satisfaction levels (A) may not accurately reflect system reliability, while analyzing maintenance logs (B) and interviewing the security administrator (D) offer less direct evidence regarding the immediate business consequences of system failures.