CISA Certified Information Systems Auditor – Question1897 - CISA Certified Information Systems Auditor

A successful risk-based IT audit program should be based on:

A. an effective scoring system.
B. an effective PERT diagram.
C. an effective departmental brainstorm session.
D. an effective organization-wide brainstorm session.
E. an effective yearly budget.
F. None of the choices.

Correct Answer: A

Explanation:

Explanation:
A successful risk-based IT audit program could be based on an effective scoring system. In establishing a scoring system, management should consider all relevant risk factors and avoid subjectivity. Auditors should develop written guidelines on the use of risk assessment tools and risk factors and review these guidelines with the audit committee.