Certified Information Systems Auditor (CISA) — Question 436

Which of the following should be the MOST important consideration when conducting a review of IT portfolio management?

Answer options

• A. Adherence to best practice and industry approved methodologies
• B. Frequency of meetings where the business discusses the IT portfolio
• C. Assignment of responsibility for each project to an IT team member
• D. Controls to minimize risk and maximize value for the IT portfolio

Correct answer: D

Explanation

The correct answer, D, emphasizes the importance of risk management and value optimization in IT portfolio management. While adherence to best practices, meeting frequency, and responsibility assignment are important, they do not directly address the overall effectiveness of the portfolio in terms of risk and value.