During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated. The GREATEST concern to the IS auditor is that policies and procedures might not:
A.
reflect current practices.
B.
be subject to adequate quality assurance (QA).
C.
include new systems and corresponding process changes.
Review is conducted to be sure it reflects current practices. Regulation change may change your way of doing your business but law/regulation change may happen in 10 years. I am asking "is it ok for a company not to review their policies and procedures for 10 years?". Answer is is clearly A. If regulation change you will change your way of doing your business, therefor its main purpose.
compliance with laws and regulations is always the highest priority in governance audits. Non-compliance risks can lead to financial, legal, and operational consequences, making option D the best choice თამთა შენს გასაგონად ვამბობ!
The outdated IT policies and procedures might not reflect changes in relevant laws and regulations. This poses significant compliance risks, legal liabilities, and potential penalties for the organization. Ensuring policies are updated to incorporate changes to laws is critical for maintaining regulatory compliance and avoiding legal exposure.
D. incorporate changes to relevant laws.
The greatest concern for an IS auditor when IT policies and procedures are not regularly reviewed and updated is that they might not incorporate changes to relevant laws and regulations. Compliance with legal and regulatory requirements is critical for any organization, and failure to do so can result in significant legal penalties, financial losses, and damage to the organization's reputation.
However, the term "GREATEST concern" in the question implies identifying the most critical issue among the options. Reflecting current practices (Option A) is often considered the top priority because it ensures that policies and procedures are not only compliant but also effective in addressing the current state of technology, business operations, and security practices. Keeping policies in line with current practices is fundamental for maintaining a robust IT governance framework.
While incorporating changes to relevant laws, subjecting policies and procedures to adequate quality assurance (QA), and including new systems and corresponding process changes are all important considerations, they are not the greatest concern to the IS auditor. These issues can also be addressed through regular policy and procedure reviews and updates, ensuring that the policies and procedures reflect current best practices, legal requirements, and organizational needs.
A. reflect current practices.
Regular review and updates of IT policies and procedures are important to ensure that they align with current practices and standards. Failure to do so can result in policies and procedures becoming outdated, which can create risks and vulnerabilities for the organization. While the other options listed are also important, the primary concern for the IS auditor is to ensure that policies and procedures are up-to-date and accurately reflect the organization's current IT environment.
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Victor83516
Highly Voted 2 years, 1 month agofrisbg
Highly Voted 1 year, 5 months agoIlation
Most Recent 2 months agoSaiRamKumar
3 months, 2 weeks ago1Naa
4 months, 2 weeks agoKAP2HURUF
5 months agoa84n
6 months, 1 week ago5b56aae
6 months, 2 weeks agosundersam23
9 months agoKAP2HURUF
10 months, 1 week agooldmagic
1 year, 4 months ago3008
1 year, 4 months agoNDUBU
1 year, 6 months agosaado9
1 year, 7 months agoMAKAYA
1 year, 9 months ago