CRISC Certified in Risk and Information Systems Control – Question 345

What are the functions of the auditor while analyzing risk? Each correct answer represents a complete solution. Choose three.

A. Aids in determining audit objectives
B. Identify threats and vulnerabilities to the information system
C. Provide information for evaluation of controls in audit planning
D. Supporting decision based on risks

Correct Answer: ACD

Explanation:
A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:

  • Threats to various processes of organization.
  • Threats to physical and information assets.
  • Likelihood and frequency of occurrence from threat.
  • Impact on assets from threat and vulnerability.

Risk analysis allows the auditor to do the following tasks:

  • Identify threats and vulnerabilities to the enterprise and its information system.
  • Provide information for evaluation of controls in audit planning.
  • Aids in determining audit objectives.
  • Supporting decision based on risks.

Incorrect Answers:
B: Auditors identify threats and vulnerabilities not only in IT but in the whole enterprise as well.