CISA Certified Information Systems Auditor – Question2041

Which of the following should be the PRIMARY basis for prioritizing follow-up audits?

A.
Complexity of management’s actions plans
B. Recommendation from executive management
C. Audit cycle defined in the audit plan
D. Residual risk from the findings of previous audits

Correct Answer: D