CISA Certified Information Systems Auditor – Question1908 - CISA Certified Information Systems Auditor

Which of the following should be seen as one of the most significant factors considered when determining the frequency of IS audits within your organization?

A. The cost of risk analysis
B. The income generated by the business function
C. Resource allocation strategy
D. The nature and level of risk
E. None of the choices.

Correct Answer: D

Explanation:

Explanation:
You use a risk assessment process to describe and analyze the potential audit risks inherent in a given line of business. You should update such risk assessment at least annually to reflect changes. The level and nature of risk should be the most significant factors to be considered when determining the frequency of audits.