Which of the following is BEST described by the definition below?
“They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into
account during every risk analysis, when likelihood and impact are assessed.”

A.
Obscure risk

B.
Risk factors

C.
Risk analysis

D.
Risk event

Explanation:

Risk factors are those features that influence the likelihood and/or business impact of risk
scenarios. They have heavy influences on probability and impact of risk scenarios. They should be
taken into account during every risk analysis, when likelihood and impact are assessed.
Answer C is incorrect. A risk analysis involves identifying the most probable threats to an
organization and analyzing the related vulnerabilities of the organization to these threats. A risk
from an organizational perspective consists of:
Threats to various processes of organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence from threat.
Impact on assets from threat and vulnerability.
Risk analysis allows the auditor to do the following tasks:
Identify threats and vulnerabilities to the enterprise and its information system.
Provide information for evaluation of controls in audit planning.
Aids in determining audit objectives.
Supporting decision based on risks.
Answer A is incorrect. The enterprise must consider risk that has not yet occurred and should
develop scenarios around unlikely, obscure or non-historical events.
Such scenarios can be developed by considering two things:
Visibility
Recognition
For the fulfillment of this task enterprise must:
Be in a position that it can observe anything going wrong
Have the capability to recognize an observed event as something wrong
Answer D is incorrect. A risk event represents the situation where you have a risk that only occurs
with a certain probability and where the risk itself is represented by a specified distribution.