Exam CISA topic 1 question 246 discussion

When planning a review of IT governance, the IS auditor is most likely to "A. obtain information about the framework of control adopted by management." Understanding the framework of control adopted by management provides insights into how IT governance is structured within the organization. This includes examining policies, procedures, and standards established by management to ensure that IT resources are used effectively, risks are managed appropriately, and organizational objectives are achieved. Assessing the framework of control allows the auditor to evaluate the effectiveness of IT governance processes and identify areas for improvement. While consistency of business process owner responsibilities (option C) is also important for effective IT governance, obtaining information about the control framework provides a broader understanding of how governance is structured and managed within the organization.

Q: While planning a review of IT governance... Answer: A

should be B

A for me. Keyword 'planning'

When you are planning to review a process or a department, you should go first to review related laws, policies or procedures, and then go to other things.

Tricky question as it says planning a review not performing the actual review, so answer is A. The other options will be more suited to performing review of the IT governance within an organization

I will go withe D

D IS THE ONE

The correct is :B (checked in another website)

The most important factor for the IS auditor to consider while planning a review of IT governance is obtaining information about the framework of control adopted by management. This is because the framework of control provides the structure for managing risks and ensuring that controls are in place to meet the organization's objectives. The other options may be relevant considerations, but they are not as crucial as understanding the framework of control that is in place.