Certified Information Systems Auditor (CISA) — Question 837

An IS auditor is evaluating an organization's IT strategy and plans. Which of the following would be of GREATEST concern?

Answer options

• A. IT is not engaged in business strategic planning.
• B. The business strategy meeting minutes are not distributed.
• C. There is inadequate documentation of IT strategic planning.
• D. There is not a defined IT security policy.

Correct answer: A

Explanation

The greatest concern is that IT is not engaged in business strategic planning (A), as this disconnect can lead to misalignment between IT initiatives and business goals. While the other options indicate issues, they do not have the same immediate impact on the overall alignment and effectiveness of IT within the organization.