Certified Information Systems Auditor (CISA) — Question 678
An IS auditor reviewing a project to acquire an IT-based solution learns the risk associated with project failure has been assessed as high. What is the auditor's BEST course of action?
Answer options
- A. Reassess project costs to ensure they are within the organization's risk tolerance.
- B. Review benefits realization against the business case.
- C. Inform management about potential losses due to project failure.
- D. Review the risk monitoring process during project execution.
Correct answer: D
Explanation
The correct answer is D because reviewing the risk monitoring process during project execution helps ensure that risks are being tracked and managed effectively, thereby minimizing the chance of project failure. Options A and B do not directly address the high risk of failure, and option C, while informative, does not contribute to mitigating the risk itself.