Certified Information Systems Auditor (CISA) — Question 820

An IS auditor assessing the controls within a newly implemented call center would FIRST:

Answer options

• A. gather information from the customers regarding response times and quality of service.
• B. test the technical infrastructure at the call center.
• C. review the manual and automated controls in the call center.
• D. evaluate the operational risk associated with the call center.

Correct answer: D

Explanation

The correct answer is D because understanding operational risks is crucial before evaluating specific controls. Options A, B, and C focus on gathering feedback, testing infrastructure, and reviewing controls, but these steps should come after assessing the overall risk associated with the operations.