Certified Information Systems Auditor (CISA) — Question 275

An IS auditor is reviewing the maturity of a large organization's IT governance. Which of the following BEST demonstrates that IT governance has been effectively implemented?

Answer options

• A. The board reviews compliance with legal and regulatory requirements.
• B. The board monitors adherence to the organization's information security policy.
• C. The board reviews strategic IT key performance indicators (KPIs).
• D. The board approves necessary resources for IT security reviews.

Correct answer: C

Explanation

The correct answer is C, as reviewing strategic IT key performance indicators (KPIs) demonstrates that the board is actively engaged in overseeing the effectiveness of IT governance. Options A and B focus on compliance and adherence, which are important but do not necessarily reflect the strategic alignment of IT with organizational goals. Option D, while relevant for resource allocation, does not directly indicate the maturity of governance practices.