Certified Information Systems Auditor (CISA) — Question 1228

Which of the following findings should be of GREATEST concern during an audit of IT governance and management?

Answer options

• A. There is no chief information security officer (CISO) position.
• B. The organization is not aligned with an international IT control standard.
• C. There is no IT representation in business strategy committee meetings.
• D. The IT strategy development process is not documented.

Correct answer: C

Explanation

The absence of IT representation in business strategy committee meetings is the most concerning finding because it indicates a lack of integration between IT and business objectives, which can lead to misalignment in strategy and hinder overall organizational effectiveness. While the other options are significant, they do not directly impact the strategic alignment of IT with business goals as severely as option C does.