Certified Information Systems Auditor (CISA) — Question 153

Which of the following should be the role of internal audit in an organization’s move to the cloud?

Answer options

• A. Identifying and mitigating risk to an acceptable level
• B. Identifying impacts to organizational budgets and resources
• C. Implementing security controls for data prior to migration
• D. Serving as a trusted partner and advisor

Correct answer: D

Explanation

The correct answer, D, is accurate because internal audit should provide guidance and support throughout the cloud transition process. Options A, B, and C relate to risk management and operational considerations but do not capture the advisory role that internal audit plays in ensuring a successful cloud adoption.