CISA Certified Information Systems Auditor – Question 1077

An external security audit has reported multiple instances of control noncompliance. Which of the following would be MOST important for the information security manager to communicate to senior management?

A. The impact of noncompliance on the organization’s risk profile
B. An accountability report to initiate remediation activities
C. A plan for mitigating the risk due to noncompliance
D. Control owner responses based on a root cause analysis

Correct Answer: A