Certified Information Systems Auditor (CISA) — Question 566

Which of the following is MOST important to review when planning for an IS audit of an organization's cross-border data transfers?

Answer options

• A. Previous external audit reports
• B. Applicable regulatory requirements
• C. Offshore supplier risk assessments
• D. Long-term IS strategy

Correct answer: B

Explanation

The correct answer is B, as understanding the applicable regulatory requirements ensures compliance with laws governing data transfers, which is crucial for an IS audit. While previous audit reports, offshore supplier risk assessments, and long-term IS strategy are relevant, they do not take precedence over the need to comply with legal standards that directly affect cross-border data transfers.