Certified Information Systems Auditor (CISA) — Question 543

The results of an IS audit indicating the need to strengthen controls has been communicated to the appropriate stakeholders. Which of the following is the BEST way for management to enforce implementation of the recommendations?

Answer options

• A. Copy senior management on communications related to the audit
• B. Have stakeholders develop a business case for control changes
• C. Assign ownership to each remediation activity
• D. Request auditors to design a roadmap for closure

Correct answer: C

Explanation

The correct answer, C, is effective because assigning ownership to each remediation activity ensures accountability and clear responsibility for implementation. Options A and B may involve communication and planning but do not guarantee action, while D relies on auditors rather than management to drive the closure process.