Certified Information Systems Auditor (CISA) — Question 1302

An IS auditor is reviewing an organization's information asset management process. Which of the following would be of GREATEST concern to the auditor?

Answer options

• A. Process ownership has not been established.
• B. Identification of asset value is not included in the process.
• C. The process does not require specifying the physical locations of assets.
• D. The process does not include asset review.

Correct answer: A

Explanation

The correct answer is A because establishing process ownership is crucial for accountability and effective management. Without defined ownership, responsibilities may become unclear, leading to potential mismanagement. Options B, C, and D, while important, do not present as critical a risk as the absence of process ownership.