CISA Certified Information Systems Auditor – Question 1903

Well-written risk assessment guidelines for IS auditing should specify, at a minimum, which of the following elements? (Choose four.)

A. A maximum length for audit cycles.
B. The timing of risk assessments.
C. Documentation requirements.
D. Guidelines for handling special cases.
E. None of the choices.

Correct Answer: ABCD

Explanation:

Well-written risk assessment guidelines should specify a maximum length for audit cycles based on the risk scores and the timing of risk assessments for each department or activity. There should be documentation requirements to support scoring decisions.
There should also be guidelines for overriding risk assessments in special cases and the circumstances under which they can be overridden.