Certified Information Systems Auditor (CISA) — Question 273

An IS auditor performing a review of a newly purchased software program notes that an escrow agreement has been executed for acquiring the source code.
What is MOST important for the IS auditor to verify?

Answer options

• A. The source code is being held by an independent third party.
• B. Product acceptance testing has been completed.
• C. The vendor is financially viable.
• D. The source code is being updated for each change.

Correct answer: A

Explanation

The most critical aspect for the IS auditor to confirm is that the source code is stored with an independent third party, ensuring its availability if needed. While product acceptance testing, vendor viability, and code updates are important factors, they do not directly address the security and accessibility of the source code itself in an escrow context.