Certified Information Systems Auditor (CISA) — Question 179
Which of the following BEST describes the role of the IS auditor in a control self-assessment (CSA)?
Answer options
- A. Implementer
- B. Approver
- C. Reviewer
- D. Facilitator
Correct answer: D
Explanation
The IS auditor acts as a Facilitator in a control self-assessment (CSA) by guiding the process and ensuring that it adheres to standards. The Implementer and Approver roles imply a level of authority and execution that the IS auditor does not typically possess in this context, while the Reviewer role suggests a more passive involvement than the active facilitation required.