Certified Chief Information Security Officer (CCISO) — Question 160

The effectiveness of an audit is measured by?

Answer options

• A. The number of security controls the company has in use
• B. How it exposes the risk tolerance of the company
• C. The number of actionable items in the recommendations
• D. How the recommendations directly support the goals of the company

Correct answer: D

Explanation

The correct answer, D, is right because the effectiveness of an audit is determined by how well the recommendations help achieve the organization's goals. Options A, B, and C focus on metrics that do not directly link the recommendations to the strategic aims of the company.