Certified Information Systems Auditor (CISA) — Question 561

Which of the following should be an IS auditor's GREATEST consideration when scheduling follow-up activities for agreed-upon management responses to remediate audit observations?

Answer options

• A. IT budgeting constraints
• B. Availability of responsible IT personnel
• C. Risk rating of original findings
• D. Business interruption due to remediation

Correct answer: C

Explanation

The correct answer is C because the risk rating of original findings helps prioritize follow-up actions based on the severity of the issues identified. While factors like IT budgeting constraints, personnel availability, and potential business interruptions are important, they should take a backseat to addressing the highest risk items first.