Certified Information Systems Auditor (CISA) — Question 1452

Which of the following should be an IS auditor's GREATEST concern when an international organization intends to roll out a global data privacy policy?

Answer options

• A. Requirements may become unreasonable.
• B. Local management may not accept the policy.
• C. Local regulations may contradict the policy.
• D. The policy may conflict with existing application requirements.

Correct answer: C

Explanation

The correct answer is C because local regulations often have specific requirements that can differ significantly from a global policy, potentially causing legal issues. Options A and B, while concerns, do not have the same legal implications as local regulations. Option D is also a concern but does not address the priority of compliance with local laws, which is critical for international operations.