ある組織は、ガバナンス、リスク、およびコンプライアンス (GRC) 活動を一元化されたテクノロジーベースのリソースに統合することを検討しています。このGRCリソースを実装する際に、最終製品によって満たされるべき主要な企業ガバナンスの懸念事項は次のうちどれですか?
正解:A
When an organization integrates governance, risk, and compliance (GRC) activities into a centralized technology-based resource, enterprise governance must ensure that the system:
* Supports strategic decision-making by the board and senior management.
* Provides accurate, reliable, and quality information to demonstrate an effective governance framework.
* Aligns with IIA Standard 2110 - Governance, which requires auditors to assess whether the organization's governance structure supports accountability, transparency, and effective decision- making.
* (A) The board should be fully satisfied that there is an effective system of governance in place through accurate, quality information provided. (Correct Answer)
* Governance is about ensuring that stakeholders, particularly the board, have confidence in the organization's control environment and decision-making process.
* IIA Standard 2110 (Governance) states that internal auditors must evaluate the adequacy and effectiveness of governance structures.
* A GRC system should ensure transparency, accountability, and quality reporting to enable strategic governance oversight.
* (B) Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.
* While improving efficiency is a benefit of a GRC system, it is a secondary objective, not a primary enterprise governance concern.
* (C) Key compliance and risk metrics can be tracked and compared throughout the enterprise, aiding in identifying problem departments.
* Tracking risk metrics is useful but does not directly address governance at the board level, making this answer incomplete.
* (D) Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization.
* Analytics support monitoring, but the core governance concern is ensuring the board's confidence in the system.
* IIA Standard 2110 - Governance: Internal auditors must assess whether governance processes are effective.
* GTAG 1 - Information Technology Risks and Controls: IT governance must provide quality, reliable information for decision-making.
* COSO ERM Framework: Emphasizes governance as a key driver of enterprise risk management.
Analysis of Each Option:IIA References Supporting the Answer:Thus, the correct answer is (A) because effective enterprise governance relies on accurate and high-quality information for strategic decision- making.