Certified Information Systems Auditor (CISA) — Question 935

Which of the following should be the role of internal audit in an organization’s move to the cloud?

Answer options

• A. Identifying and mitigating risk to an acceptable level
• B. Identifying impacts to organizational budgets and resources
• C. Implementing security controls for data prior to migration
• D. Serving as a trusted partner and advisor

Correct answer: A

Explanation

The internal audit's primary role during a cloud transition is to identify and mitigate risks, ensuring that these risks are kept at an acceptable level. While understanding budget impacts, implementing security controls, and serving as an advisor are important, they do not directly align with the core responsibility of internal audit in managing risk effectively.