An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?

December 9, 2021 by Admin

An internal auditor conducts an assessment of a two-year-old IT risk management program. Which of the following findings should be of MOST concern to the CIO?

  • Organizational responsibility for IT risk management is not clearly defined.
  • IT risk training records are not properly retained in accordance with established schedules.
  • None of the members of the IT risk management team have risk management-related certifications.
  • Only a few key risk indicators identified by the IT risk management team are being monitored and the rest will be on a phased schedule.

Leave a Reply