Certified Information Systems Auditor (CISA) — Question 1173

When planning a review of IT governance, an IS auditor is MOST likely to:

Answer options

• A. define key performance indicators (KPIs).
• B. obtain information about the control framework adopted by management.
• C. examine audit committee minutes for IT-related controls.
• D. assess whether business process owner responsibilities are consistent.

Correct answer: B

Explanation

The correct answer is B because obtaining information about the control framework is essential for understanding how governance is structured and managed. The other options, while relevant to governance, do not provide the foundational understanding of the control framework that is crucial for an effective governance review.