Home MCQs CISA Question #1788
Back to Questions
CISA QUESTION #1788
Question 1
Which of the following is NOT a valid purpose of risk analysis in the context of IS auditing?
  • Supporting risk-based audit decisions
  • Helping the auditor identify and define audit objectives
  • Assisting the auditor in recognizing risks and potential threats
  • Guaranteeing absolute safety during the audit process✔️
Correct Answer Explanation
Risk analysis informs the auditor's planning and decision-making by identifying risks, setting objectives, and prioritizing areas of focus. However, it cannot and does not guarantee absolute safety or certainty in the audit process. The abstract nature of technology means that IS auditing can never achieve absolute assurance.