Question 1083 - CISA discussion

Enterprise architecture (EA) is the most helpful to an IS auditor reviewing the alignment of planned IT budget with the organization's goals and strategic objectives.EA is a well-defined practice for conducting enterprise analysis, design, planning, and implementation, using a comprehensive approach at all times, for the successful development and execution of strategy1.EA provides a blueprint for an effective IT strategy and guides the controlled evolution of IT in a way that delivers business benefit in a cost-effective way2. By reviewing the EA, the IS auditor can evaluate how well the planned IT budget supports the business vision, strategy, objectives, and capabilities of the organization.

The other options are not as helpful as EA for reviewing the alignment of planned IT budget with the organization's goals and strategic objectives.BIA is a process of determining the criticality of business activities and associated resource requirements to ensure operational resilience and continuity of operations during and after a business disruption3.BIA quantifies the impacts of disruptions on service delivery, risks to service delivery, and recovery time objectives (RTOs) and recovery point objectives (RPOs)3. BIA is useful for developing strategies, solutions, and plans for business continuity and disaster recovery, but it does not directly address the alignment of planned IT budget with the organization's goals and strategic objectives.Risk assessment report is a document that contains the results of performing a risk assessment or the formal output from the process of assessing risk4.Risk assessment is a method to identify, analyze, and control hazards and risks present in a situation or a place5. Risk assessment report is useful for identifying and mitigating potential threats and issues that are detrimental to the business or an enterprise, but it does not directly address the alignment of planned IT budget with the organization's goals and strategic objectives.Audit recommendations are guidance that highlights actions to be taken by management6.When implemented, process risks should be mitigated, and performance should be enhanced6. Audit recommendations are useful for improving the quality and reliability of the information system and its outputs, but they do not directly address the alignment of planned IT budget with the organization's goals and strategic objectives. Therefore, option A is the correct answer.