Certified Information Systems Auditor (CISA) — Question 528

An organization has begun using social media to communicate with current and potential clients. Which of the following should be of PRIMARY concern to the auditor?

Answer options

• A. Using a third-party provider to host and manage content
• B. Lack of guidance on appropriate social media usage and monitoring
• C. Negative posts by customers affecting the organization's image
• D. Reduced productivity of stuff using social media

Correct answer: B

Explanation

The primary concern for the auditor should be the lack of guidance on appropriate social media usage and monitoring since it can lead to compliance and reputational risks. While negative posts (C) and reduced productivity (D) are important, they stem from the absence of proper policies. Using a third-party provider (A) is a common practice but is not as critical as ensuring there are adequate guidelines in place.