CISA Certified Information Systems Auditor – Question2928

When reviewing an organization's approved software product list, which of the following is the MOST important thing to verify?

A.
The risks associated with the use of the products are periodically assessed
B. The latest version of software is listed for each product
C. Due to licensing issues the list does not contain open source software
D. After hours’ support is offered

Correct Answer: A

Explanation:

Explanation:
Since the business conditions surrounding vendors may change, it is important for an organization to conduct periodic risk assessments of the vendor software list. This might be best incorporated into the IT risk management process. Choices B, C and D are possible considerations but would not be the most important.