CISA Certified Information Systems Auditor – Question0305

Which of the following should be the GREATEST concern to an IS auditor evaluating an organization’s policies?

A.
Policies are not formally approved by the management.
B. Policies are nor formally acknowledged and signed by employees.
C. Policies do not provide adequate protection to the organization.
D. Policies are not reviewed and updated frequently.

Correct Answer: C