The primary objective of an IT strategy is to ensure that IT plans and activities support and enable the overall business strategy. An IT strategy derived solely from market trends is fundamentally misaligned with the organization's specific goals and needs. This represents the greatest strategic risk because it can lead to the misallocation of resources, investment in inappropriate technologies, and a failure to deliver value to the business. The IS auditor's main concern in a strategic review is this alignment between business objectives and IT initiatives.

A. Defining target architecture at a technical level within a strategy document can indicate thorough planning and is not inherently a concern.

B. While not achieving prior goals is a concern about execution, a flawed basis for the current strategy is a more fundamental and critical issue.

D. Including financial estimates is a best practice for effective planning, budgeting, and demonstrating due diligence, not a point of concern.

1. ISACA. (2019). CISA Review Manual

27th Edition. Domain 2: Governance and Management of IT

Section 2.3.1 IT Strategic Plan. The manual states

"The IT strategic plan must be an integral part of the overall business strategic plan... The focus should be on strategic alignment..." This highlights that the business plan

not external trends alone

must be the primary driver.

2. ISACA. (2018). COBIT 2019 Framework: Introduction and Methodology. Chapter 3

The COBIT Core Model

p. 21. The COBIT goals cascade model explicitly shows that enterprise goals are derived from stakeholder needs

and alignment goals (IT-related goals) are derived from enterprise goals. This framework establishes a clear top-down linkage from business needs to IT strategy.

3. Luftman

J. N. (2000). Assessing business-IT alignment maturity. Communications of the Association for Information Systems

4(1)

Article 14. This foundational academic paper on strategic alignment maturity notes that lower levels of maturity are characterized by a lack of a clear

business-driven IT strategy. Relying on trends instead of business goals is indicative of low alignment maturity. (DOI: https://doi.org/10.17705/1CAIS.00414)