Answers to Review Questions

1. B. The purpose of the steering committee is to bring the awareness of business issues and objectives to IT management. An effective steering committee will focus on the service level necessary to support the business strategy.

2. A. The incremental approach uses bottom-up modeling of the existing process. Overall gains tend to be small because this method focuses so hard on current processes. All the other choices represent a think-big (top-down) approach without limitations. Top-down looks at what it could be, not what it is (end-state).

3. D. The Capability Maturity Model provides a baseline measurement of process maturity. The CMM begins with no process defined and progresses through five phases of documentation ...

Get CISA® Certified Information Systems Auditor®: Study Guide, Third Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.