Certified Information Systems Auditor (CISA) — Question 387

Which of the following audit procedures would be MOST conclusive in evaluating the effectiveness of on e-commerce application system's edit routine?

Answer options

• A. Review of program documentation
• B. Review of source code
• C. Use of test transactions
• D. Interviews with knowledgeable users

Correct answer: C

Explanation

Using test transactions allows auditors to directly observe how the edit routine processes various inputs and identifies errors, providing clear evidence of its effectiveness. In contrast, reviewing documentation or source code may not reveal how the system performs in real scenarios, and interviews with users, while informative, do not provide definitive proof of the routine's functionality.