CISA Certified Information Systems Auditor – Question2801 - CISA Certified Information Systems Auditor

Which of the following should be the MOST important consideration when deciding areas of priority for IT governance implementation?

A. Process maturity
B. Performance indicators
C. Business risk
D. Assurance reports

Correct Answer: C

Explanation:

Explanation:
Priority should be given to those areas which represent a known risk to the enterprise’s operations. The level of process maturity, process performance and audit reports will feed into the decision making process. Those areas that represent real risk to the business should be given priority.