PrepAway - Latest Free Exam Questions & Answers

The IS auditor should FIRST review:

An IS auditor is evaluating management’s risk assessment of information systems. The IS auditor
should FIRST review:

A. the controls already in place.

B. the effectiveness of the controls in place.

C. the mechanism for monitoring the risks related to the assets.

D. the threats/vulnerabilities affecting the assets.

Explanation:

One of the key factors to be considered while assessing the risks related to the use of various
information systems is the threats and vulnerabilities affecting the assets. The risks related to the
use of information assets should be evaluated in isolation from the installed controls. Similarly, the
effectiveness of the controls should be considered during the risk mitigation stage and not during
the risk assessment phase.
A mechanism to continuously monitor the risks related to assets should be put in place during the
risk monitoring function that follows the risk assessment phase.

