Isaca Updated CISA Exam Questions and Answers by wilf

A post-implementation review (PIR) of a newly modified IT application focuses on ensuring that the system meets business and security requirements effectively. The sufficiency of implemented controls (A) is the most critical aspect because it ensures that security, operational, and compliance controls are functioning correctly. These controls include access controls, data integrity checks, and audit logs to prevent unauthorized access, data corruption, or security breaches.

Other options:

Resource management plan (B) is important for project management but is not the primary concern for an IS auditor in a post-implementation review.

Updates required for end-user manuals (C) are necessary for usability but do not impact the security or operational integrity of the system.

Rollback plans for changes (D) are important for change management but are typically assessed before deployment, not in a PIR.

Comprehensive and Detailed Step-by-Step Explanation:

Astress testevaluates system performance under extreme conditions, such as high user loads, to determine how the system behaves under peak traffic or resource exhaustion.

Stress Testing (Correct Answer – A)

Identifies performance bottlenecks in software applications.

Helps ensure the ERP system can handle expected workloads.

Example:Simulating thousands of concurrent users accessing the ERP system to test response times and server load capacity.

Parallel Testing (Incorrect – B)

Compares a new system with an old one but does not test system performance under load.

Regression Testing (Incorrect – C)

Tests whether recent code changes have affected existing functionality but does not focus on performance.

Interface Testing (Incorrect – D)

Checks interactions between system components but does not measure performance.