CISA Certified Information Systems Auditor – Question2731 - CISA Certified Information Systems Auditor

The advantage of a bottom-up approach to the development of organizational policies is that the policies:

A. are developed for the organization as a whole
B. are more likely to be derived as a result of a risk assessment.
C. will not conflict with overall corporate policy.
D. ensure consistency across the organization.

Correct Answer: B

Explanation:

Explanation:
A bottom-up approach begins by defining operational-level requirements and policies, which are derived and implemented as the result of risk assessments. Enterprise-level policies are subsequently developed based on a synthesis of existing operational policies. Choices A, C and D are advantages of a top-down approach for developing organizational policies. This approach ensures that the policies will not be in conflict with overall corporate policy and ensure consistency across the organization.