Explanation
A data analytics tool is the most effective way to detect as many abnormalities as possible during an IS audit, as it can process large volumes of data, perform complex calculations, and generate visualizations that reveal patterns, outliers, anomalies, or deviations from expected results. A data analytics tool can also help the auditor to test the entire population of data, rather than a sample, and to perform continuous auditing and monitoring.
References
ISACA CISA Review Manual, 27th Edition, page 256
What is Problem Solving? Steps, Process & Techniques | ASQ
Data Analytics for Auditors - IIA

Section: The process of Auditing Information System

This means that the IT steering committee is responsible for ensuring that the IT strategy aligns with and supports the business strategy, vision, and goals of the organization. The IT steering committee is also responsible for overseeing and approving major IT initiatives, projects, and investments, and allocating resources and priorities accordingly12.
Developing and assessing the IT security strategy (B) is not the main responsibility of the IT steering committee, but rather a specific aspect of the IT strategy that may be delegated to a subcommittee or a dedicated security function. The IT steering committee may provide guidance and oversight for the IT security strategy, but it is not directly involved in developing and assessing it12.
Implementing processes to integrate security with business objectives © is not the main responsibility of the IT steering committee, but rather an operational task that may be performed by the IT management and staff. The IT steering committee may monitor and evaluate the effectiveness of the security processes, but it is not directly involved in implementing them12.
Developing and implementing the secure system development framework (D) is not the main responsibility of the IT steering committee, but rather a technical task that may be performed by the IT developers and engineers. The IT steering committee may approve and endorse the secure system development framework, but it is not directly involved in developing and implementing it12.