Certified Information Systems Auditor (CISA) — Question 507

Management has decided to include a compliance manager in the approval process for a new business that may require changes to the IT infrastructure. Which of the following is the GREATEST benefit of this approach?

Answer options

• A. Process accountabilities to external stakeholders are improved.
• B. Security breach incidents can be identified in early stages.
• C. Regulatory risk exposures can be identified before they materialize.
• D. Fewer reviews are needed when updating the IT compliance process.

Correct answer: C

Explanation

Involving a compliance manager helps in identifying regulatory risks before they manifest, which is crucial in avoiding potential legal issues. While improving accountability and early identification of security breaches are valuable, they do not provide the same level of proactive risk management as recognizing regulatory risks. Reducing the number of reviews is not a significant benefit in this context, as thorough compliance is essential.