Hard · 1 mark · Multiple Choice
CPA · Question 04 · Area I: Information Systems
An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its migration to the cloud. Which of the following actions best aligns with the 'Governance and Culture' component of COSO ERM in this context?
Answer options:
A. Implementing multi-factor authentication for all cloud access
B. Establishing a cloud steering committee to oversee cloud strategy and risk appetite
C. Performing daily backups of cloud data
D. Monitoring cloud service performance metrics
How to approach this question
Map the specific action to the 5 COSO ERM components. Governance relates to structure, oversight, and tone at the top.
Full Answer
B. Establishing a cloud steering committee to oversee cloud strategy and risk appetite ✓ Correct
Creating a steering committee establishes the oversight structure, which is a core element of the Governance and Culture component of the COSO ERM framework.
Common mistakes
Selecting specific control activities (like MFA or backups) instead of governance structures.