In a risk-based audit approach, an auditor must choose between auditing a low-risk system with known minor issues or a high-risk system with uncertain status. Which decision BEST reflects risk-based methodology?

Home › MCQs › CISA › Question #6823

CISA QUESTION #6823

Question 1

Audit the low-risk system because issues are known
Audit the high-risk system because uncertainty represents greater potential exposure✔️
Audit both systems simultaneously
Audit neither until more information is available

Correct Answer Explanation

Risk-based auditing prioritizes resources toward highest-risk areas with greatest potential impact. Uncertain status in a high-risk system represents significant potential exposure that must be investigated. Known minor issues in low-risk systems, while needing attention, pose less organizational threat.

More Options