An IS auditor is executing a risk-based IS audit strategy to ensure that key areas are audited. Which of the following should be of GREATEST concern to the auditor?
A.
The risk assessment database does not include a complete audit universe.
B.
The risk assessment methodology does not permit the collection of financial audit data.
C.
The risk assessment methodology relies on subjective audit judgments at certain points of the process.
D.
The risk assessment approach has not been approved by the risk manager.
I think is A. Let me mark some word from CRM:
"Evaluation of the risk factors should be based on objective criteria, although subjectivity cannot be completely avoided."
This is because subjective judgments can lead to inconsistencies and inaccuracies in the risk assessment process, which can result in the auditor overlooking key areas that need to be audited
Subjective risk judgment is part of the risk assessment, it's the perceived chance of something bad based on a person's opinion, emotions, gut feeling, or intuition. It is not a mathematical review of the situation, but rather a quick assessment based on a person's feelings at the time.
C. The risk assessment methodology relies on subjective audit judgments at certain points of the process.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
shalota2
1 month, 1 week agoNotJamesCharles
7 months agoChaBum
4 months agoFAGFUR
7 months, 3 weeks agoChloeeeee
8 months ago