CISA QUESTION #1730
Question 1
What is the key distinction between an organisational policy and a procedure?
  • Compliance with a policy is optional, whereas following a procedure is compulsory.
  • A procedure offers discretionary advice for decision-making, while a policy defines binding requirements.
  • A policy is a high-level authoritative document mandating compliance; a procedure specifies the mandatory steps through which compliance is achieved.✔️
  • A policy is a mid-level advisory document issued in the absence of a standard; the procedure suggests recommended actions.
Correct Answer Explanation
A policy is a high-level directive, signed by a person of authority, that mandates a required outcome or standard of behaviour — compliance is not optional. A procedure is the lower-level, step-by-step operational document that prescribes exactly how the policy requirements are to be fulfilled in practice. Both are mandatory. This hierarchy — policy, standard, procedure, guideline — is fundamental to governance frameworks.