Certified Information Systems Auditor (CISA) — Question 1442

An IS auditor has been asked to perform a post-implementation assessment of a new corporate human resources (HR) system. Which of the following control areas would be MOST important to review for the protection of employee information?

Answer options

• A. Data retention practices
• B. Authentication mechanisms
• C. System architecture
• D. Logging capabilities

Correct answer: B

Explanation

The correct answer is B, as authentication mechanisms are crucial for ensuring that only authorized personnel can access sensitive employee information. While data retention practices, system architecture, and logging capabilities are also important, they do not directly control access to the data like authentication does.