Certified Information Systems Auditor (CISA) — Question 332

An organization maintains an inventory of the IT applications used by its staff. Which of the following would pose the GREATEST concern with regard to the quality of the inventory data?

Answer options

• A. Inventory data is available on and downloadable from the corporate intranet.
• B. The inventory does not contain a formal risk ranking for all the IT applications.
• C. The application owner and contact information fields are not required to be completed.
• D. The organization has not established a formal recertification process for the inventory data.

Correct answer: D

Explanation

The absence of a formal recertification process for the inventory data (D) would lead to outdated or inaccurate information remaining in the system, which is a significant concern for data quality. While having data available on the intranet (A), lacking risk rankings (B), or optional fields (C) are important, they do not directly compromise the overall integrity of the inventory like a lack of recertification does.