What should the IS auditor first review? - ProProfs Discuss
Topics-
Products +
     

What should the IS auditor first review?
An IS auditor is evaluating managements risk assessment of information systems.



A. The controls already in place.
B. The effectiveness of the controls in place.
C. The mechanism for monitoring the risks related to the assets.
D. The threats/vulnerabilities affecting the assets.

This question is part of CISA - Mock Test - Domain 1 (100 Questions)
Asked by Hemangdoshi, Last updated: Aug 17, 2018

+ AnswerRequest Answer
...

1 Answer

hemangdoshi

Hemangdoshi

Answered on Apr 17, 2018

D. the threats/vulnerabilities affecting the assets.

One of the key factors to be considered while assessing the risks related to the use of various information systems is the threats and vulnerabilities affecting the assets. Similarly, the effectiveness of the controls should be considered during the risk mitigation stage and not during the risk assessment phase. A mechanism to continuously monitor the risks related to assets should be put in place during the risk monitoring function that follows the risk assessment phase.
 Reply

Search for Google images
Select a recommended image
Upload from your computer
Search for Google images
Select a recommended image
Upload from your computer
Search for Google images
Select a recommended image
Upload from your computer

Email Sent
We have sent an email to your address "" with instructions to reset your password.