Certified Information Systems Auditor (CISA) — Question 231

In the development of a new financial application, the IS auditor’s FIRST involvement should be in the:

Answer options

• A. control design
• B. application design
• C. system test
• D. feasibility study

Correct answer: D

Explanation

The IS auditor should first be involved during the feasibility study to assess the project's viability and risks before any design or testing occurs. Engaging later in control design, application design, or system testing would miss critical opportunities to identify potential issues early in the project's lifecycle.