Certified Information Systems Auditor (CISA) — Question 469

An organization has made a strategic decision to split into separate operating entities to improve profitability. However, the IT infrastructure remains shared between the entities. Which of the following would BEST help to ensure that IS audit still covers key risk areas within the IT environment as part of its annual plan?

Answer options

• A. Developing a risk-based plan considering each entity's business processes
• B. Conducting an audit of newly introduced IT policies and procedures
• C. Revising IS audit plans to focus on IT changes introduced after the split
• D. Increasing the frequency of risk-based IS audits for each business entity

Correct answer: A

Explanation

Option A is correct because developing a risk-based plan tailored to each entity's business processes ensures that all significant risk areas are considered within the shared IT infrastructure. The other options focus on specific audits or frequency changes, which may not comprehensively address the risks across all entities in a shared environment.