Certified Information Systems Auditor (CISA) — Question 925

Which of the following is the MOST appropriate testing approach when auditing a daily data flow between two systems via an automated interface to confirm that it is complete and accurate?

Answer options

• A. Conduct code review for both systems and inspect design documentation.
• B. Inspect interface configurations and an example output of the systems.
• C. Confirm that the encryption standard applied to the interface is in line with best practice.
• D. Perform data reconciliation between the two systems for a sample of 25 days.

Correct answer: D

Explanation

The most suitable approach is to perform data reconciliation over a sample of 25 days, as it directly verifies the completeness and accuracy of the data flow. Other options, while useful, do not directly assess the data integrity and may overlook potential discrepancies in the actual data transfer process.