Certified Information Systems Auditor (CISA) — Question 1375

During an incident management audit, an IS auditor finds that several similar incidents were logged during the audit period. Which of the following is the auditor's
MOST important course of action?

Answer options

• A. Document the finding and present it to management.
• B. Determine if a root cause analysis was conducted.
• C. Validate whether all incidents have been actioned.
• D. Confirm the resolution time of the incidents.

Correct answer: B

Explanation

The correct answer is B because determining if a root cause analysis was conducted is crucial for understanding the underlying issues that led to the incidents. The other options, while important, do not address the need to identify the fundamental cause of the recurring incidents, which is essential for preventing future occurrences.