Certified Information Systems Auditor (CISA) — Question 178

Who is PRIMARILY responsible for the design of IT controls to meet control objectives?

Answer options

• A. IT manager
• B. Internal auditor
• C. Business management
• D. Risk management

Correct answer: C

Explanation

Business management is primarily responsible for the design of IT controls to meet control objectives as they set the strategic direction and ensure alignment with business goals. The IT manager focuses on implementation, the internal auditor assesses effectiveness, and risk management identifies risks but does not design the controls.