Certified Information Systems Auditor (CISA) — Question 945
When evaluating evidence as part of an IS audit, which of the following sources should be considered MOST reliable?
Answer options
- A. Evidence demonstrated in front of the auditor
- B. Evidence provided directly from the auditee
- C. Evidence curated by senior management
- D. Evidence provided by a third party
Correct answer: A
Explanation
The most reliable evidence in an IS audit is that which is demonstrated directly in front of the auditor, as it allows for real-time verification and observation. Evidence from the auditee may be biased, while curated evidence from senior management could lack objectivity. Third-party evidence, while potentially valuable, does not provide the same level of direct validation as evidence presented in the audit setting.