CISA Certified Information Systems Auditor – Question0560

Which of the following is MOST important for the IS auditor to verify when reviewing the development process of a security policy?

A.
Evidence of active involvement of key stakeholders
B. Output from the enterprise’s risk management system
C. Identification of the control framework
D. Evidence of management approval

Correct Answer: D