CISA Certified Information Systems Auditor – Question0676

Which of the following observations should be of GREATEST concern to an IS auditor performing a review of an organization’s IT governance structure?

A.
The chief risk officer is also the chief information officer.
B. The chief information officer is prohibited from making capital decisions regarding IT.
C. The IT steering committee has oversight of the IT budget.
D. There are no IT subject matter expects on the board of directors.

Correct Answer: A