Suggested Answer:D🗳️
A risk analysis deals with the potential size and likelihood of loss. A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats. A risk from an organizational perspective consists of: ✑ Threats to various processes of organization. ✑ Threats to physical and information assets. Likelihood and frequency of occurrence from threat. ✑ Impact on assets from threat and vulnerability. ✑ Risk analysis allows the auditor to do the following tasks : ✑ Identify threats and vulnerabilities to the enterprise and its information system. ✑ Provide information for evaluation of controls in audit planning. ✑ Aids in determining audit objectives. ✑ Supporting decision based on risks. Incorrect Answers: A: Assuming equal degree of protection would only be rational in the rare event that all the assets are similar in sensitivity and criticality. Hence this is not practiced in risk analysis. B: Since the likelihood determines the size of the loss, hence both elements must be considered in the calculation. C: A risk analysis would not normally consider the benchmark of similar companies as providing relevant information other than for comparison purposes.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
aselunar
1 month, 1 week ago