Certified Information Systems Auditor (CISA) — Question 245

An IS auditor has been tasked to review the processes that prevent fraud within a business expense claim system. Which of the following stakeholders is MOST important to involve in this review?

Answer options

• A. Quality assurance (QA) manager
• B. Business department executive
• C. Information security manager
• D. Business process owner

Correct answer: D

Explanation

The Business process owner is essential for this review as they are directly responsible for the processes in place and can provide insights into the effectiveness of the fraud prevention measures. The other stakeholders, while important, do not have the same level of direct involvement with the specific processes being reviewed.