CISA Certified Information Systems Auditor – Question0417

An IS auditor is reviewing IT policies and found that most policies have not been reviewed in over 3 years. The MOST significant risk is that the policies do not reflect:

A.
current legal requirements.
B. the vision of the CEO.
C. the mission of the organization.
D. current industry best practices.

Correct Answer: A