Which of the following should be an IS auditor’s PRIMARY focus when developing a risk-based IS audit program?

CISA V2 0 Comments

Which of the following should be an IS auditor’s PRIMARY focus when developing a risk-based IS audit program?
A . Portfolio management
B . Business plans
C . Business processes
D . IT strategic plans

Answer: C

Explanation:

Business processes should be the primary focus of an IS auditor when developing a risk-based IS audit program, because they represent the core activities and functions of the organization that support its objectives and goals. Business processes also involve the use of IT resources and systems that may pose risks to the organization’s performance and compliance. A risk-based IS audit program should identify and assess the risks associated with the business processes and determine the appropriate audit scope and procedures to provide assurance on their effectiveness and efficiency. Portfolio management, business plans, and IT strategic plans are also relevant factors for developing a risk-based IS audit program, but they are not as important as business processes.

References: CISA Review Manual (Digital Version), Chapter 2, Section 2.2.1

Latest CISA Dumps Valid Version with 2694 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CISA PDF     CISA Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments