Certified Information Systems Auditor (CISA) — Question 56

An IS auditor is performing a follow-up audit for findings identified in an organization's user provisioning process. Which of the following is the MOST appropriate population to sample from when testing for remediation?

Answer options

• A. All users provisioned after management resolved the audit issue
• B. All users who have followed user provisioning processes provided by management
• C. All users provisioned after the final audit report was issued
• D. All users provisioned after the finding was originally identified

Correct answer: A

Explanation

The correct answer is A because it focuses on users provisioned after the management addressed the specific audit issue, ensuring that the remediation efforts are tested effectively. The other options do not specifically reflect the corrective actions taken after the audit issue was resolved, which may not accurately assess the effectiveness of remediation.