Exam CISM topic 1 question 769 discussion

Performing periodic audits for compliance with legal and regulatory requirements (D) is an effective way to provide ongoing assurance that an organization is meeting its obligations. Audits help organizations identify any areas where they may be non-compliant and provide an opportunity to address those issues before they become more serious. Regular audits also help organizations understand how well their processes and controls are working and identify any gaps that need to be addressed. This allows organizations to continuously improve their compliance posture and maintain ongoing confidence in their ability to meet legal and regulatory requirements.

Embedding compliance requirements within operational processes BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met. Therefore, the correct answer is option C.

C - continues compliance and proactive management. While option D is also important for verifying compliance, but it's more to a reactive measure. Audits are typically conducted at intervals and may not catch compliance issues that arise between audits.

C. Embedding compliance requirements within operational processes

D- only audit provides assurance. C is an effective approach but is it really effective or not can only be found through D.

C seems to be apt.

Highest level of assurance is done through independent audits. Best answer is D

C seems more frequent ("more ongoing", if you will) than D. Although, providing assurance is usually done via periodic audits.

its C, its embedded into daily functions.

sorry i meant D

c it is

C is good

C. Embedding compliance requirements within operational processes

C. Embedding compliance requirements within operational processes

periodic audit is frequently every 2-3 years if not perform by permanent control (LOD2) but by Internal audit Team (LOD3), therefore I prefer answer C