Certified Information Systems Auditor (CISA) — Question 124

While planning a review of IT governance, the IS auditor is MOST likely to:

Answer options

• A. obtain information about the framework of control adopted by management.
• B. examine audit committee minutes for IS-related matters and their control.
• C. assess whether business process owner responsibilities are consistent across the organization.
• D. review compliance with policies and procedures issued by the board of directors.

Correct answer: A

Explanation

The correct answer is A because understanding the control framework used by management is fundamental to assessing the effectiveness of IT governance. While examining audit committee minutes, assessing business process owner responsibilities, and reviewing compliance with policies are important, they do not provide the foundational insight into the governance structure that the control framework does.