CISA QUESTION #1765
Question 1
Which of the following would NOT be classified as a control failure?
  • Using a policy that has no detective mechanism to identify violations
  • Modifying an ineffective procedure outside of change control
  • Testing to determine how many policy violations have occurred ✔️
  • Implementing a policy or standard without defining consequences for non-compliance
Correct Answer Explanation
Testing to discover policy violations is an example of a detective control in action — it is not a control failure. All other options represent failures because they lack detection, bypass change control, or implement controls without enforcement mechanisms.