Which of the following should be the GREATEST concern to an IS auditor evaluating an organization’s policies?
A. Policies are not formally approved by the management.
B. Policies are nor formally acknowledged and signed by employees.
C. Policies do not provide adequate protection to the organization.
D. Policies are not reviewed and updated frequently.
A. Policies are not formally approved by the management.
B. Policies are nor formally acknowledged and signed by employees.
C. Policies do not provide adequate protection to the organization.
D. Policies are not reviewed and updated frequently.