Certified Information Systems Auditor (CISA) — Question 822
An IS auditor is asked to provide feedback on the systems options analysis for a new project. The BEST course of action for the IS auditor would be to:
Answer options
- A. request at least one other alternative.
- B. comment on the criteria used to assess the alternatives.
- C. retain comments as findings for the audit report.
- D. identify the best alternative.
Correct answer: B
Explanation
The best course of action for the IS auditor is to comment on the criteria used to assess the alternatives, as this ensures that the evaluation process is rigorous and transparent. Requesting additional alternatives or retaining comments may not address potential flaws in the evaluation criteria, while identifying the best alternative without assessing the criteria could lead to biased decisions.