An IS auditor is reviewing the risk management process. Which of the following is the MOST important consideration during this review?
A. Controls are implemented based on cost-benefit analysis.
B. The risk management framework is based on global standards.
C. The approval process for risk response is in place.
D. IT risk is presented in business terms.
- 1 Answers
- 6110 Views
- I also Faced
- E-Mail Answers
Answer Posted / chatter
The correct answer is D.
A. Controls to mitigate risk must be implemented based on cost-benefit analysis; however, the cost-benefit analysis is effective only if risk is presented in business terms.
B. A risk management framework based on global standards helps in ensuring completeness; however, organizations must adapt it to suit specific business requirements.
C. Approvals for risk response come later in the process.
D. In order for risk management to be effective, it is necessary to align IT risk with business objectives. This can be done by adopting acceptable terminology that is understood by all, and the best way to achieve this is to present IT risk in business terms.
| Is This Answer Correct ? | 5 Yes | 0 No |
Post New Answer View All Answers
