An IS auditor is reviewing IT policies and found that most policies have not been reviewed in over 3 years. The MOST significant risk is that the policies do not reflect:
A. current legal requirements.
B. the vision of the CEO.
C. the mission of the organization.
D. current industry best practices.
A. current legal requirements.
B. the vision of the CEO.
C. the mission of the organization.
D. current industry best practices.