What is the greatest concern for an IS auditor if they discover several IT projects implemented without approval from the steering committee?

The greatest concern for an IS auditor in discovering that several IT projects have been implemented without approval from the steering committee is that the IT department may not be working toward a common goal.

When projects lack steering committee approval, it often indicates a breakdown in governance and strategic alignment. The steering committee typically ensures that projects are aligned with the organization's objectives, priorities, and resources. Without this alignment, there is a risk that different projects may focus on disparate goals, leading to inefficient use of resources, potential conflicts, and a lack of cohesion within the IT strategy. This can undermine the overall effectiveness of the IT function and result in projects that do not meet the organization's needs or deliver the expected value.

Additionally, having projects that are not formally approved can lead to issues such as inadequate funding, non-compliance with established protocols, and challenges in resource allocation. However, these concerns are secondary to the greater risk of misalignment that could arise when various initiatives operate independently without oversight, making it difficult for the organization to achieve its strategic objectives.