CISM Exam - Question 769

Performing periodic audits for compliance with legal and regulatory requirements (D) is an effective way to provide ongoing assurance that an organization is meeting its obligations. Audits help organizations identify any areas where they may be non-compliant and provide an opportunity to address those issues before they become more serious. Regular audits also help organizations understand how well their processes and controls are working and identify any gaps that need to be addressed. This allows organizations to continuously improve their compliance posture and maintain ongoing confidence in their ability to meet legal and regulatory requirements.

Embedding compliance requirements within operational processes BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met. Therefore, the correct answer is option C.

periodic audit is frequently every 2-3 years if not perform by permanent control (LOD2) but by Internal audit Team (LOD3), therefore I prefer answer C

C. Embedding compliance requirements within operational processes

C seems more frequent ("more ongoing", if you will) than D. Although, providing assurance is usually done via periodic audits.

C. Embedding compliance requirements within operational processes

C is good

c it is

sorry i meant D

its C, its embedded into daily functions.

Highest level of assurance is done through independent audits. Best answer is D

C seems to be apt.

D- only audit provides assurance. C is an effective approach but is it really effective or not can only be found through D.

C. Embedding compliance requirements within operational processes