Certified Information Systems Auditor (CISA) — Question 849

Which of the following should an IS auditor recommend be performed FIRST when evaluating potential enterprise resource planning (ERP) implementation vendors?

Answer options

• A. Review the vendors' past implementations.
• B. Investigate the vendors' financial history.
• C. Check the vendors' client references.
• D. Develop the vendor response scorecard.

Correct answer: D

Explanation

Developing the vendor response scorecard is crucial as it establishes the criteria against which all vendors will be assessed, ensuring a structured evaluation process. Reviewing past implementations, investigating financial history, and checking client references are all important steps, but they should follow the creation of the scorecard to maintain consistency in the evaluation approach.