Learn the most concerning issue for an IS auditor reviewing an IT steering committee in this CISA exam question. Discover why business representation is critical.
Question
An IS auditor reviewing an IT organization should be MOST concerned if the IT steering committee:
A. does not meet regularly for oversight of IT investments and projects.
B. consults the board of directors on procedural and standard changes.
C. reviews IT-related policies and standards only once per year.
D. does not include business-level representation.
Answer
D. does not include business-level representation.
Explanation
The most concerning issue for an IS auditor reviewing an IT organization’s steering committee is if the committee does not include business-level representation (Option D).
An effective IT steering committee should have representation from both IT and business stakeholders. Business representation is critical to ensure that IT investments, projects, policies, and standards align with and support the organization’s overall business objectives and strategies. Without business-level involvement, there is a risk that IT initiatives may not adequately meet business needs or deliver value.
While the other options listed are also potential concerns, they are less critical than the lack of business representation:
A) Not meeting regularly for oversight is a concern, but even with regular meetings, the committee may be ineffective without business input.
B) Consulting the board on procedural and standard changes is generally a good practice for keeping the board informed and aligned.
C) Reviewing policies and standards only annually is not ideal, but at least there is some level of review. More frequent reviews are preferable.
In summary, while all the issues mentioned warrant attention from an IS auditor, the absence of business representation on the IT steering committee is the most significant concern as it fundamentally impacts the committee’s ability to govern IT effectively in alignment with business goals. The auditor should prioritize this finding and recommend adding business stakeholders to the committee.
The key points are:
- Business representation on the IT steering committee is the most critical concern
- Business input ensures IT aligns with and supports business objectives
- Without business involvement, IT initiatives may not adequately meet business needs
- The other issues are concerns but less fundamental than business representation
- The auditor should prioritize the lack of business members as a key finding