Certified Information Systems Auditor (CISA) — Question 1348

Which of the following observations noted by an IS auditor reviewing internal IT standards is MOST important to address?

Answer options

• A. The standards have no reference to an industry-recognized framework.
• B. The standards are not detailed in policies and procedures.
• C. The standards are not readily available to organization-wide users.
• D. The standards have not been revised within the last year.

Correct answer: B

Explanation

The correct answer is B because detailed policies and procedures are essential for effective implementation and compliance with IT standards. While the other options highlight important aspects, the clarity and detail in policies and procedures directly impact the organization's ability to enforce standards effectively.