PrepAway - Latest Free Exam Questions & Answers

When developing a risk-based audit strategy, an IS audi…

When developing a risk-based audit strategy, an IS auditor should conduct a risk assessment to ensure that:

PrepAway - Latest Free Exam Questions & Answers

A.
controls needed to mitigate risks are in place.

B.
vulnerabilities and threats are identified.

C.
audit risks are considered.

D.
a gap analysis is appropriate.

Explanation:
In developing a risk-based audit strategy, it is critical that the risks and vulnerabilities be understood. This will
determine the areas to be audited and the extent of coverage. Understanding whether appropriate controls
required to mitigate risksare in place is a resultant effect of an audit. Audit risks are inherent aspects of
auditing, are directly related to the audit process and are not relevant to the risk analysis of the environment to
be audited. A gap analysis would normally be doneto compare the actual state to an expected or desirable
state.


Leave a Reply