What are the functions of the auditor while analyzing risk?
Each correct answer represents a complete solution. (Choose three.)

A. Aids in determining audit objectives

B. Identify threats and vulnerabilities to the information system

C. Provide information for evaluation of controls in audit planning

D. Supporting decision based on risks








 

Suggested Answer: ACD

A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of:
✑ Threats to various processes of organization.
✑ Threats to physical and information assets.
✑ Likelihood and frequency of occurrence from threat.
✑ Impact on assets from threat and vulnerability.
✑ Risk analysis allows the auditor to do the following tasks :
✑ Threats to various processes of organization.
✑ Threats to physical and information assets.
✑ Likelihood and frequency of occurrence from threat.
✑ Impact on assets from threat and vulnerability.
✑ Risk analysis allows the auditor to do the following tasks :
✑ Identify threats and vulnerabilities to the enterprise and its information system.
✑ Provide information for evaluation of controls in audit planning.
✑ Aids in determining audit objectives.
✑ Supporting decision based on risks.
Incorrect Answers:
B: Auditors identify threats and vulnerability not only in the IT but the whole enterprise as well.

This question is in CRISC exam 
For getting Risk and Information Systems Control Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to ISACA.