Review Questions
1. What is the difference between a policy and a procedure?
A. Compliance to a policy is discretionary, and compliance to a procedure is mandatory.
B. A procedure provides discretionary advice to aid in decision making. The policy defines specific requirements to ensure compliance.
C. A policy is a high-level document signed by a person of authority, and compliance is mandatory. A procedure defines the mandatory steps to attain compliance.
D. A policy is a mid-level document issued to advise the reader of desired actions in the absence of a standard. The procedure describes suggested steps to use.
2. What does fiduciary responsibility mean?
A. To use information gained for personal interests without breaching confidentiality ...
Get CISA® Certified Information Systems Auditor®: Study Guide, Third Edition now with the O’Reilly learning platform.
O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.