CISA Certified Information Systems Auditor – Question0687

Which of the following is the BEST indication that an organization has achieved legal and regulatory compliance?

A.
The board of directors and senior management accept responsibility for compliance.
B. An independent consultant has been appointed to ensure legal and regulatory compliance.
C. Periodic external and internal audits have not identified instances of noncompliance.
D. The risk management process incorporates noncompliance as a risk.

Correct Answer: C