CISA Certified Information Systems Auditor – Question0520

Rather than decommission an entire legacy application, an organization’s IT department has chosen to replace specific modules while maintaining those still relevant. Which of the following artifacts is MOST important for an IS auditor to review?

A.
IT service management catalog and service level requirements
B. Security requirements for legacy data masking and data destruction
C. Applicable licensing agreements for the application
D. Future state architecture and requirements

Correct Answer: D