Certified Information Systems Auditor (CISA) — Question 844

At the end of each business day, a business-critical application generates a report of financial transactions greater than a certain value, and an employee then checks these transactions for errors. What type of control is in place?

Answer options

• A. Deterrent
• B. Preventive
• C. Corrective
• D. Detective

Correct answer: D

Explanation

The correct answer is Detective, as the process of generating and reviewing the report is designed to identify errors that have already occurred. Deterrent, Preventive, and Corrective controls serve different purposes, such as discouraging, preventing, or rectifying issues, respectively, but do not focus on identifying existing problems like the detective control does.