Regular Review and Updating of IT Policies and Procedures: A Critical Aspect of IT Governance Audit

Importance of Regular Review and Updating of IT Policies and Procedures

Question

During an IT governance audit, an IS auditor notes that IT policies and procedures are not regularly reviewed and updated.

The GREATEST concern to the IS auditor is that policies and procedures might not:

Answers

Explanations

A. B. C. D.

D.

The correct answer is A. reflect current practices.

Explanation:

IT policies and procedures are a critical aspect of IT governance, as they define the rules and guidelines for how IT resources and systems should be used, managed, and protected within an organization. However, over time, the business and IT environments can change, and the policies and procedures may no longer reflect current practices or address new risks and threats. This can result in outdated or ineffective policies and procedures that do not adequately protect the organization's assets.

Regularly reviewing and updating policies and procedures is, therefore, a crucial component of effective IT governance. By doing so, an organization can ensure that its policies and procedures are up to date, are aligned with the current business and IT environments, and effectively mitigate risks and protect assets.

While incorporating changes to relevant laws, subjecting policies and procedures to adequate quality assurance (QA), and including new systems and corresponding process changes are all important considerations, they are not the greatest concern to the IS auditor. These issues can also be addressed through regular policy and procedure reviews and updates, ensuring that the policies and procedures reflect current best practices, legal requirements, and organizational needs.