CISA Certified Information Systems Auditor – Question0668

Which of the following is the MOST appropriate action to formalize IT governance in an organization?

A.
Evaluating the IT strategy
B. Modifying IT goals and strategy
C. Establishing an IT steering committee
D. Implementing risk management

Correct Answer: C