Certified Information Systems Auditor (CISA) — Question 1455

Which of the following would provide the MOST important input during the planning phase for an audit on the implementation of a bring your own device (BYOD) program?

Answer options

• A. Results of a risk assessment
• B. Policies including BYOD acceptable use statements
• C. Findings from prior audits
• D. An inventory of personal devices to be connected to the corporate network

Correct answer: A

Explanation

The results of a risk assessment are vital as they identify potential vulnerabilities and threats associated with the BYOD program, guiding the audit's focus. While policies, prior audit findings, and inventories are important, they do not provide the same level of foundational insight into risks that need to be addressed during the audit.