Certified Information Systems Auditor (CISA) — Question 407

Which of the following should be done by an IS auditor during a post-implementation review of a critical application that has been operational for six months?

Answer options

• A. Test program system interfaces.
• B. Verify the accuracy of data conversions.
• C. Assess project management risk reports.
• D. Examine project change request logs.

Correct answer: D

Explanation

The correct option is D, as examining project change request logs provides insight into any modifications made to the application post-implementation. Options A and B focus on aspects that are typically reviewed during initial testing phases, while option C relates to project management rather than the specific operational performance of the application.