Certified Information Systems Auditor (CISA) — Question 582

Which of the following would MOST likely impair the independence of the IS auditor when performing a post-implementation review of an application system?

Answer options

• A. The IS auditor implemented a specific control during the development of the application system.
• B. The IS auditor designed an embedded audit module exclusively for auditing the application system.
• C. The IS auditor participated as a member of the application system project team, but did not have operational responsibilities.
• D. The IS auditor provided consulting advice concerning application system best practices.

Correct answer: A

Explanation

The correct answer is A because if the IS auditor implemented a control, they may have a vested interest in the outcome of the audit, affecting their objectivity. Options B, C, and D do not inherently compromise independence, as they involve activities that do not directly influence the auditor's impartiality regarding the system's review.