Question 39
Domain 1 — AI Governance and Risk Management
Which ISACA framework specifically provides the professional standards, guidelines, and tools for IT audit and assurance engagements?
Correct answer: B
Explanation
ITAF stands for the "IT Assurance Framework" and is ISACA’s framework for IT audit and assurance work. It provides the professional standards, guidelines, and tools used in assurance engagements, including audit standards across three categories.
Why each option is right or wrong
A. COBIT 2019 — provides governance and management objectives for enterprise IT
B. ITAF — IT Assurance Framework with audit standards across three categories
ISACA’s IT Assurance Framework (ITAF) is the publication that sets out the professional standards, guidelines, and tools used in IT audit and assurance engagements. It is organized into three categories of standards—general, performance, and reporting—so it is the only option that matches the question’s focus on audit-and-assurance practice rather than governance or control frameworks.
C. ISO/IEC 27001 — information security management system standard
D. NIST CSF — cybersecurity framework for critical infrastructure