CRISC Certified in Risk and Information Systems Control – Question 279

Which of the following is BEST described by the definition below? "They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."

A. Obscure risk
B. Risk factors
C. Risk analysis
D. Risk event

Correct Answer: B

Explanation:

Risk factors are those features that influence the likelihood and/or business impact of risk scenarios. They heavily influence the probability and impact of risk scenarios. They should be taken into account during every risk analysis, when likelihood and impact are assessed.
Incorrect Answers:
A: The enterprise must consider risk that has not yet occurred and should develop scenarios around unlikely, obscure or non-historical events.
Such scenarios can be developed by considering two things:

  • Visibility
  • Recognition

To fulfill this task, the enterprise must:

  • Be in a position where it can observe anything going wrong
  • Have the capability to recognize an observed event as something wrong

C: A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:

  • Threats to various processes of the organization.
  • Threats to physical and information assets.
  • Likelihood and frequency of occurrence from threat.
  • Impact on assets from threat and vulnerability.

Risk analysis allows the auditor to do the following tasks:

  • Identify threats and vulnerabilities to the enterprise and its information system.
  • Provide information for evaluation of controls in audit planning.
  • Aid in determining audit objectives.
  • Support decisions based on risks.

D: A risk event represents the situation where you have a risk that only occurs with a certain probability and where the risk itself is represented by a specified distribution.