Question 1903 - CISA Certified Information Systems Auditor

Well-written risk assessment guidelines for IS auditing should specify which of the following elements at the least (Choose four.)

A. A maximum length for audit cycles.
B. The timing of risk assessments.
C. Documentation requirements.
D. Guidelines for handling special cases.
E. None of the choices.

Correct Answer: ABCD

Explanation:

Explanation:
A well-written risk assessment guidelines should specify a maximum length for audit cycles based on the risk scores and the timing of risk assessments for each department or activity. There should be documentation requirements to support scoring decisions.
There should also be guidelines for overriding risk assessments in special cases and the circumstances under which they can be overridden.

CISA Certified Information Systems Auditor

Tag: Question 1903

CISA Certified Information Systems Auditor – Question1903