Certified Information Systems Auditor (CISA) — Question 973

Which of the following changes intended to improve and streamline an organization's incident management process would be a potential concern to an IS auditor?

Answer options

• A. Implementing automatic reporting for all open incidents over three months old
• B. Enabling the capability for the individual reporting the incident to assign priority to a ticket
• C. Configuring automated messaging to service lines notifying them of the status of the ticket
• D. Introducing self-service functions for selected low-complexity incident types

Correct answer: B

Explanation

The correct answer, B, is concerning because allowing individuals to assign priority could lead to inconsistent prioritization and potential misuse. Options A, C, and D focus on improving communication and efficiency without directly impacting the integrity of incident prioritization.