CISA Certified Information Systems Auditor – Question2775

The output of the risk management process is an input for making:

A.
business plans.
B. audit charters.
C. security policy decisions.
D. software design decisions.

Correct Answer: C

Explanation:

Explanation:
The risk management process is about making specific, security-related decisions, such as the level of acceptable risk. Choices A, B and D are not ultimate goals of the risk management process.