A risk assessment should be conducted:

seenagapeApril 26, 2014

PrepAway - Latest Free Exam Questions & Answers

A.
once a year for each business process and subprocess.

B.
every three to six months for critical business processes.

C.
by external parties to maintain objectivity.

D.
annually or whenever there is a significant change.

Explanation:
Risks are constantly changing. Choice D offers the best alternative because it takes into
consideration a reasonable time frame and allows flexibility to address significant change.
Conducting a risk assessment once a year is insufficient if important changes take place.
Conducting a risk assessment every three-to-six months for critical processes may not be
necessary, or it may not address important changes in a timely manner. It is not necessary for
assessments to be performed by external parties.

Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions

This is ONE TIME OFFER

Enter your email address to receive your 50% off dicount code:

SPECIAL OFFER: GET 50% OFF

Use Discount Code:

ISACA Exam Questions

Free ISACA Study Guide

A risk assessment should be conducted:

Leave a Reply Cancel reply