Certified Information Systems Auditor (CISA) — Question 860

Concerned about a major data security breach, the chief executive officer (CEO) has asked for a detailed audit of the network security function. A recent reorganization has left the IS audit department with limited technical experience. The BEST course of action for the IS audit manager is to:

Answer options

• A. assign the most senior IS auditors to the network security audit.
• B. accept the audit request but postpone the audit until network training can be obtained.
• C. contract with an external organization to perform the audit.
• D. give the audit high priority in next year's audit plan.

Correct answer: C

Explanation

The correct answer is C because contracting with an external organization ensures that the audit is conducted by experienced professionals who have the necessary expertise to thoroughly assess network security. Options A and D do not address the immediate lack of technical skill within the audit team, while B would delay the audit unnecessarily, potentially exposing the organization to ongoing security risks.