Certified Information Systems Auditor (CISA) — Question 499
What is the MAIN purpose of an organization's internal IS audit function?
Answer options
- A. Provide assurance to management about the effectiveness of the organization's risk management and internal controls.
- B. Identify and initiate necessary changes in the control environment to help ensure sustainable improvement.
- C. Review the organization's policies and procedures against industry best practice and standards.
- D. Independently attest the organization's compliance with applicable legal and regulatory requirements.
Correct answer: A
Explanation
The correct answer is A because the main function of an internal IS audit is to give management confidence in the effectiveness of risk management and internal controls. Options B, C, and D are important activities, but each serves a more specific purpose rather than the overarching assurance role that internal audit provides.