CISA Certified Information Systems Auditor – Question0778

When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

A.
The methodology must be approved by the chief executive officer.
B. Risk assessments must be reviewed annually.
C. Risk assessments must be conducted by certified staff.
D. The methodology used must be consistent across the organization.

Correct Answer: D