Certified Information Systems Auditor (CISA) — Question 506

Many departments of an organization have not implemented audit recommendations by their agreed upon target dates. Who should address this situation?

Answer options

• A. Head of internal audit
• B. External auditor
• C. Department managers
• D. Senior management

Correct answer: D

Explanation

The responsibility to address non-compliance with audit recommendations typically falls on senior management, as they oversee the operations and ensure that departments adhere to internal controls. In contrast, the head of internal audit and external auditor focus on conducting audits and providing oversight, while department managers are accountable for their specific areas but may need direction from senior management to fulfill these obligations.