Certified Information Systems Auditor (CISA) — Question 163

In an annual audit cycle, the audit of an organization's IT department resulted in many findings. Which of the following would be the MOST important consideration when planning the next audit?

Answer options

• A. Limiting the review to the deficient areas
• B. Following up on the status of all recommendations
• C. Verifying that all recommendations have been implemented
• D. Postponing the review until all of the findings have been rectified

Correct answer: B

Explanation

The correct answer is B because following up on the status of all recommendations ensures that previous issues are being addressed and allows for a comprehensive evaluation of improvements. Options A and D are too limited or could delay necessary audits, while C does not consider the status of all recommendations, focusing only on implementation.