Certified Information Systems Auditor (CISA) — Question 327

A PRIMARY benefit derived by an organization employing control self-assessment (CSA) techniques is that CSA:

Answer options

• A. can identify high-risk areas for detailed review.
• B. allows IS auditors to independently assess risk.
• C. can be used as a replacement for traditional audits.
• D. allows management to relinquish responsibility for control.

Correct answer: A

Explanation

The correct answer, A, highlights that CSA techniques help pinpoint areas of high risk that require further evaluation. Option B is incorrect because CSA does not replace the need for IS auditors' assessments; it complements their work. Option C is misleading as CSA should not be seen as a substitute for traditional audits, and option D is false since management retains responsibility for controls even when using CSA.