Certified Information Systems Auditor (CISA) — Question 282

Which of the following applications has the MOST inherent risk and should be prioritized during audit planning?

Answer options

• A. An internally developed application
• B. An onsite application that is unsupported
• C. A decommissioned legacy application
• D. An outsourced accounting application

Correct answer: A

Explanation

The correct answer is A because internally developed applications often lack thorough testing and documentation, leading to heightened risks. Options B and C, while risky, are generally easier to identify and manage due to their unsupported status or decommissioned nature. Option D may have risks, but outsourced applications usually have external oversight that can mitigate some risks.