Certified Information Systems Auditor (CISA) — Question 444

Which of the following activities provides an IS auditor with the MOST insight regarding potential single person dependencies that might exist within the organization?

Answer options

• A. Reviewing vacation patterns
• B. Interviewing senior IT management
• C. Mapping IT processes to roles
• D. Reviewing user activity logs

Correct answer: C

Explanation

Mapping IT processes to roles (option C) is essential as it directly highlights specific responsibilities that may rely on a single individual, revealing potential vulnerabilities. While reviewing vacation patterns (option A) and interviewing senior IT management (option B) provide some insights, they do not specifically identify dependencies as clearly as option C. Reviewing user activity logs (option D) can show what users are doing but does not effectively pinpoint single-person dependencies.