Certified Information Systems Auditor (CISA) — Question 667

Which of the following is the PRIMARY purpose of conducting an IS audit follow-up?

Answer options

• A. To align IS audit activities with business objectives
• B. To help management prioritize related risk mitigation activities
• C. To determine the effectiveness of management's responses to risk
• D. To obtain agreement with management on action plan status

Correct answer: C

Explanation

The correct answer is C because the primary purpose of an IS audit follow-up is to assess how well management has addressed identified risks. Options A, B, and D, while important aspects of audit processes, do not focus on evaluating the effectiveness of management's responses, which is the core objective of a follow-up.