CISM Question #547: Real Exam Question with Answer & Explanation

Sign in or unlock CISM to reveal the answer and full explanation for question #547. The question stem and answer options stay visible for context.

Submitted by chiamaka_o· Apr 18, 2026Information Security Program Development and Management

Question

Which of the following should be the GREATEST concern to an IS auditor evaluating an organization's policies?

Options

APolicies are not formally acknowledged and signed by employees.
BPolicies are not updated on an annual basis.
CPolicies are not reviewed by the chief information officer (CIO).
DPolicies do not identify adequate controls or processes to protect the organization.

Unlock CISM to see the answer

You've previewed enough free CISM questions. Unlock CISM for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.

Unlock CISM - $49.99 / 30 days Sign in

Topics

#Security Policies#Policy Evaluation#Control Adequacy#IS Audit Concerns

Full CISM Practice Browse All CISM Questions