Review Questions

1. What is the difference between a policy and a procedure?

A. Compliance to a policy is discretionary, and compliance to a procedure is mandatory.

B. A procedure provides discretionary advice to aid in decision making. The policy defines specific requirements to ensure compliance.

C. A policy is a high-level document signed by a person of authority, and compliance is mandatory. A procedure defines the mandatory steps to attain compliance.

D. A policy is a mid-level document issued to advise the reader of desired actions in the absence of a standard. The procedure describes suggested steps to use.

2. What does fiduciary responsibility mean?

A. To use information gained for personal interests without breaching confidentiality ...

Get CISA® Certified Information Systems Auditor®: Study Guide, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.