PrepAway - Latest Free Exam Questions & Answers

The IS auditor should FIRST review:

An IS auditor is evaluating management’s risk assessment of information systems. The IS auditor should
FIRST review:

PrepAway - Latest Free Exam Questions & Answers

A.
the controls already in place.

B.
the effectiveness of the controls in place.

C.
the mechanism for monitoring the risks related to the assets.

D.
the threats/vulnerabilities affecting the assets.

Explanation:
One of the key factors to be considered while assessing the risks related to the use of various information
systems is the threats and vulnerabilities affecting the assets. The risks related to the use of information assets
should be evaluated in isolation from the installed controls. Similarly, the effectiveness of the controls should be
considered during the risk mitigation stage and not during the risk assessment phase
A mechanism to continuously monitor the risks related to assets should be put in place during the risk
monitoring function that follows the risk assessment phase.


Leave a Reply