Certified Information Systems Auditor (CISA) — Question 385

Which of the following must be in place before an IS auditor initiates audit follow-up activities?

Answer options

• A. A management response in the final report with a committed implementation date
• B. A heat map with the gaps and recommendations displayed in terms of risk
• C. Supporting evidence for the gaps and recommendations mentioned in the audit report
• D. Available resources for the activities included in the action plan

Correct answer: A

Explanation

The correct answer is A, as a management response with a committed implementation date is essential for accountability and tracking progress. Options B, C, and D may provide useful context or support, but they do not constitute a prerequisite for initiating follow-up activities.