Certified Information Systems Auditor (CISA) — Question 1320

What should an IS auditor review FIRST to verify that an organization’s IT strategy is effectively implemented?

Answer options

• A. Information security procedures
• B. The IT governance framework
• C. Process maturity of IT general controls
• D. The most recent audit results

Correct answer: B

Explanation

The IT governance framework is essential for aligning IT strategies with business objectives, making it the first point of review. While the other options are important, they are secondary to understanding how the IT governance framework supports the overall strategy and its implementation.