Certified Information Systems Auditor (CISA) — Question 1246

Which of the following is MOST useful when planning to audit an organization's compliance with cybersecurity regulations in foreign countries?

Answer options

• A. Develop a template that standardizes the reporting of findings from each country's audit team.
• B. Map the different regulatory requirements to the organization's IT governance framework.
• C. Follow the cybersecurity regulations of the country with the most stringent requirements.
• D. Prioritize the audit to focus on the country presenting the greatest amount of operational risk.

Correct answer: B

Explanation

Mapping the different regulatory requirements to the organization's IT governance framework is crucial because it ensures that the organization can systematically address compliance across multiple jurisdictions. The other options, while potentially useful, do not provide a comprehensive approach to aligning with diverse regulatory frameworks effectively.