Certified Information Systems Auditor (CISA) — Question 307
Which of the following is the MOST significant risk that IS auditors are required to consider for each engagement?
Answer options
- A. Irregularities and illegal acts
- B. Noncompliance with organizational policies
- C. Misalignment with business objectives
- D. Process and resource inefficiencies
Correct answer: A
Explanation
The correct answer is A, as irregularities and illegal acts pose the greatest threat to the integrity of an organization's information systems, requiring auditors to prioritize these risks. While noncompliance with policies, misalignment with business objectives, and process inefficiencies are important, they do not have the same potential for legal and financial repercussions as irregularities and illegal acts.