Certified Information Systems Auditor (CISA) — Question 489
Following a merger, a review of an international organization determines the IT steering committee's decisions do not extend to regional offices as required in the consolidated IT operating model. Which of the following is the IS auditor's BEST recommendation?
Answer options
- A. Create regional centers of excellence.
- B. Engage an IT governance consultant.
- C. Update the IT steering committee's formal charter.
- D. Create regional IT steering committees.
Correct answer: C
Explanation
The best recommendation is to update the IT steering committee's formal charter to ensure that its decisions are applicable to regional offices, aligning with the consolidated IT operating model. Creating regional committees or centers of excellence may not address the root issue of governance and oversight, while engaging a consultant could be unnecessary if the existing charter can be effectively revised.