Certified Information Systems Auditor (CISA) — Question 69

During the design phase of a software development project, the PRIMARY responsibility of an IS auditor is to evaluate the:

Answer options

• A. development methodology employed.
• B. controls incorporated into the system specifications.
• C. future compatibility of the design.
• D. proposed functionality of the application.

Correct answer: B

Explanation

The correct answer is B because the IS auditor's primary role is to ensure that appropriate controls are designed into the system specifications to mitigate risks. Options A, C, and D, while relevant, do not focus on the auditor's main responsibility of evaluating controls during the design phase.