CISA Certified Information Systems Auditor – Question2274 - CISA Certified Information Systems Auditor

A PRIMARY benefit derived by an organization employing control self-assessment (CSA) techniques is that CSA:

A. can identify high-risk areas for detailed review.
B. allows IS auditors to independently assess risk.
C. can be used as a replacement for traditional audits.
D. allows management to relinquish responsibility for control.

Correct Answer: A

Explanation:

Explanation:
CSA is predicated on the review of high-risk areas that either need immediate attention or a more thorough review at a later date. Choice B is incorrect, because CSA requires the involvement of auditors and line management. What occurs is that the internal audit function shifts some of the control monitoring responsibilities to the functional areas. Choice C is incorrect because CSA is not a replacement for traditional audits. CSA is not intended to replace audit’s responsibilities, but to enhance them. Choice D is incorrect, because CSA does not allow management to relinquish its responsibility for control.