CISA Certified Information Systems Auditor – Question2836

Before implementing controls, management should FIRST ensure that the controls:

A.
satisfy a requirement in addressing a risk issue.
B. do not reduce productivity.
C. are based on a cost-benefit analysis.
D. are detective or corrective.

Correct Answer: A

Explanation:

Explanation:
When designing controls, it is necessary to consider all the above aspects. In an ideal situation, controls that address all these aspects would be the best controls. Realistically, it may not be possible to design them all and cost may be prohibitive; therefore, it is necessary to first consider the preventive controls that attack the cause of a threat.