IS audit management reviewed the audit work done for a system implementation and determined that the weaknesses responsible for a major issue were not in the audit scope. Which type of audit risk was MOST likely overlooked when planning the audit?
The scenario describes a situation where a major issue arose from weaknesses that were not within the audit scope. This indicates a failure to identify and assess the risks associated with those out-of-scope areas during the initial audit planning phase.
CISA manual 28th edition defines inherent risk as "the risk level or exposure assessed without considering the actions that management has taken or might take." In the context of audit planning, overlooking potential weaknesses responsible for a major issue, which were subsequently excluded from the audit scope, suggests an inadequate initial assessment of the inherent risks associated with the system implementation. Had a comprehensive inherent risk assessment been performed, these high-risk areas might have been identified and included within the audit's scope.
Detection risk refers to the risk that auditors fail to detect material misstatements or weaknesses in an audit. In this scenario, the audit scope did not cover the weaknesses responsible for a major issue, meaning the auditors did not identify critical problems. This aligns with detection risk, which occurs when audit procedures are insufficient or incorrectly designed to uncover significant risks.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
46080f2
2 weeks, 5 days agoCisagroup
1 month ago