CISA Certified Information Systems Auditor – Question1927

While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and categorize risk?

A.
Understanding the control framework
B. Developing a comprehensive risk model
C. Understanding the business environment
D. Adopting qualitative risk analysis

Correct Answer: C