CISA Certified Information Systems Auditor – Question0459

An organization developed a comprehensive three-year IT strategic plan. Halfway into the plan, a major legislative change impacting the organization is enacted. Which of the following should be management’s NEXT course of action?

A.
Develop specific procedural documentation related to the changed legislation.
B. Assess the legislation to determine whether are required to the strategic IT plan.
C. Perform a risk management of the legislative changes.
D. Develop a new IT strategic plan that encompasses the new legislation.

Correct Answer: B