Certified Information Systems Auditor (CISA) — Question 996

Which of the following documents should specify roles and responsibilities within an IT audit organization?

Answer options

• A. Organizational chart
• B. Annual audit plan
• C. Audit charter
• D. Engagement letter

Correct answer: C

Explanation

The Audit charter is the correct answer because it formally defines the purpose, authority, and responsibility of the audit function, including roles and responsibilities. The Organizational chart may show the structure but does not detail the specific roles, while the Annual audit plan outlines audit activities and the Engagement letter pertains to specific audits rather than roles within the audit organization.