Certified Information Systems Auditor (CISA) — Question 147

Which of the following should be of GREATEST concern to an IS auditor assessing the effectiveness of an organization's release management processes?

Answer options

• A. Release management policies have not been updated in the past two years.
• B. Identify assets to be protected.
• C. Evaluate controls in place.
• D. Identify potential threats.

Correct answer: C

Explanation

The most critical aspect for an IS auditor is to evaluate the controls in place, as these ensure that the release management processes are functioning effectively and securely. While the other options are important, they do not directly assess the effectiveness of the controls that protect the organization's systems during releases.