CISA Certified Information Systems Auditor – Question0263

After the release of an application system, an IS auditor wants to verify that the system is providing value to the organization. The auditor’s BEST course of action would be to:

A.
review the results of compliance testing.
B. quantify improvements in client satisfaction.
C. confirm that risk has declined since the application system release.
D. perform a gap analysis against the benefits defined in the business case.

Correct Answer: D