An IS auditor is evaluating an organization's IT strategy and plans.
Which of the following would be of GREATEST concern?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
In evaluating an organization's IT strategy and plans, the IS auditor would be concerned with ensuring that the IT strategy aligns with the organization's overall business strategy, and that there are appropriate policies and procedures in place to ensure the security and confidentiality of the organization's information assets. Based on this, option B, "IT is not engaged in business strategic planning" would be of the greatest concern.
This is because if IT is not engaged in business strategic planning, there is a risk that the IT strategy may not align with the organization's overall business objectives. This could lead to inefficient use of IT resources, duplication of effort, or a lack of support for critical business processes. Furthermore, it could result in missed opportunities to leverage IT to create business value or competitive advantage.
While the other options listed (inadequate documentation of IT strategic planning, undefined IT security policy, and non-disturbing business strategy meeting minutes) are also areas of concern, they are not as critical as ensuring that the IT strategy is aligned with the organization's overall business strategy.
For example, inadequate documentation of IT strategic planning could make it difficult for the organization to understand its IT goals and objectives, but it would not necessarily prevent IT from aligning with the business strategy. Similarly, while a lack of defined IT security policy could pose a risk to the organization's information assets, it would not necessarily impact the alignment of IT with the business strategy. Finally, non-disturbing business strategy meeting minutes are not related to the IT strategy and plans and would not impact the IS auditor's evaluation.