Certified Information Systems Auditor (CISA) — Question 583

Which of the following is MOST important for an IS auditor to assess during a post-implementation review of a newly modified IT application developed in-house?

Answer options

• A. Rollback plans for changes
• B. Sufficiency of implemented controls
• C. Updates required for end user manuals
• D. Resource management plan

Correct answer: B

Explanation

The sufficiency of implemented controls is crucial to ensure that the application operates securely and effectively, which is why option B is the correct answer. Options A, C, and D, while important, do not directly relate to the effectiveness and security of the application's controls in a post-implementation context.