Certified Information Systems Auditor (CISA) — Question 333

During the implementation of a new system, an IS auditor must assess whether certain automated calculations comply with the regulatory requirements. Which of the following is the BEST way to obtain this assurance?

Answer options

• A. Re-perform the calculation with audit software.
• B. Review the source code related to the calculation.
• C. Review sign-off documentation.
• D. Inspect user acceptance test (UAT) results.

Correct answer: A

Explanation

Re-performing the calculation with audit software directly verifies that the automated calculations are accurate and comply with regulatory requirements, making it the best option. Reviewing source code (B) may provide insights but does not guarantee accuracy in calculations. Sign-off documentation (C) and UAT results (D) give context but do not directly assess the correctness of the calculations.