Certified Information Systems Auditor (CISA) — Question 351
Which of the following is the PRIMARY responsibility of an internal IS auditor regarding IT controls?
Answer options
- A. Providing independent assurance to the public over IT controls implemented by the organization
- B. Continuously monitoring IT control operations and reporting any abnormal or exceptional cases
- C. Designing and deploying IT controls as part of normal operations
- D. Validating IT control effectiveness after implementation across the organization
Correct answer: D
Explanation
The correct answer is D because the internal IS auditor's key role is to validate the effectiveness of IT controls after they have been implemented, to ensure they function as intended. Option A is incorrect because providing assurance to the public is typically a responsibility of external auditors. Option B is not the primary responsibility, as continuous monitoring is more operational and not a core auditing function. Option C is incorrect because designing and deploying controls falls under operational management, not auditing.