CISA Certified Information Systems Auditor – Question0350

An audit group is conducting a risk assessment as part of a risk-based audit strategy. To help ensure the risk assessment results are relevant to the organization, it is MOST important to:

A.
understand the organization’s objectives and risk appetite.
B. include operational departments and processes.
C. determine both the inherent risk and detection risk.
D. understand the organization’s controls.

Correct Answer: A