CISA Certified Information Systems Auditor – Question2808

When auditing the proposed acquisition of a new computer system, an IS auditor should FIRST establish that:

A.
a clear business case has been approved by management.
B. corporate security standards will be met.
C. users will be involved in the implementation plan.
D. the new system will meet all required user functionality.

Correct Answer: A

Explanation:

Explanation:
The first concern of an IS auditor should be to establish that the proposal meets the needs of the business, and this should be established by a clear business case. Although compliance with security standards is essential, as is meeting the needs of the users and having users involved in the implementation process, it is too early in the procurement process for these to be an IS auditor’s first concern.