An audit is an important part of any control system. Which of the following is not a question that would typically be asked as part of an information systems audit?
A) Are there sufficient controls in the system? Which areas are not covered by controls?
B) Are the controls implemented properly? Are the controls effective?
C) What is the cost of the controls? What is the ROI return on investment) associated with system controls?
D) Are there procedures to ensure reporting and corrective actions in case of violations of controls?

Question

Quizplus · Accepted Answer

While the cost and ROI of controls may be a consideration for management, it is not a typical question asked as part of an information systems audit. The focus of an audit is on evaluating the effectiveness and implementation of controls, as well as identifying any areas lacking in sufficient controls or procedures for reporting and corrective actions.

An Audit Is an Important Part of Any Control System