Certified Information Systems Auditor (CISA) — Question 655

An IS auditor has been asked to review a recently implemented quality management system (QMS). Which of the following should be the auditor’s PRIMARY focus?

Answer options

• A. Training materials prepared for coaching employees
• B. Processes to measure the performance of business-critical transactions
• C. Cost-benefit analysis of the development and implementation of the QMS
• D. Stability of the implemented QMS system over a period of time

Correct answer: B

Explanation

The auditor's primary focus should be on processes to measure the performance of business-critical transactions, as this directly impacts the effectiveness of the QMS. While training materials, cost-benefit analysis, and system stability are important, they do not provide direct insight into how well the QMS is functioning in terms of critical business operations.