CISA Certified Information Systems Auditor – Question1898 - CISA Certified Information Systems Auditor

The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through:

A. the use of risk controls.
B. the use of computer assisted functions.
C. using computer assisted audit technology tools.
D. the development of written guidelines.
E. None of the choices.

Correct Answer: D

Explanation:

Explanation:
A successful risk-based IT audit program could be based on an effective scoring system. In establishing a scoring system, management should consider all relevant risk factors and avoid subjectivity. Auditors should develop written guidelines on the use of risk assessment tools and risk factors and review these guidelines with the audit committee.