Certified Information Systems Auditor (CISA) — Question 554

Which of the following should be the PRIMARY objective of conducting an audit follow-up of management action plans?

Answer options

• A. To verify that risks listed in the audit report have been properly mitigated
• B. To ensure senior management is aware of the audit findings
• C. To identify new risks and controls for the organization
• D. To align the management action plans with business requirements

Correct answer: A

Explanation

The primary objective of an audit follow-up is to confirm that the risks mentioned in the audit report have been effectively addressed, making option A correct. Options B and D relate to communication and alignment rather than verification of risk mitigation, while option C focuses on identifying new risks rather than following up on existing management actions.