Which of the following observations should be of GREATEST concern to an IS auditor reviewing an organization's enterprise architecture (EA) program?
If IT application owners have sole responsibility for architecture approval, it poses significant risk as it centralizes decision-making without adequate oversight, potentially ignoring broader enterprise needs, compliance, and security requirements. Enterprise architecture should involve diverse stakeholders to ensure comprehensive oversight and alignment with organizational goals. This lack of cross-departmental review and collaboration can lead to a misalignment of the architecture with the organization's broader strategic objectives, making it the greatest concern for an IS auditor.
It is very important that information security requirements are integrated into the EA program. EA integrates strategies and processes across the organization, which should include rules and standards regarding information security. IS auditors must evaluate whether these requirements are properly considered and implemented. In contrast, the observation in option C, "IT application owners are solely responsible for architecture approval," is about the management and ownership of individual applications and has less direct impact on the security and integrity of the overall EA program.