Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
A. Audit cycle defined in the audit plan
B. Complexity of management’s action plans
C. Recommendation from executive management
D. Residual risk from the findings of previous audits
Answer: D
Explanation:
Residual risk from the findings of previous audits should be the primary basis for prioritizing follow-up audits, because it reflects the level of exposure and potential impact that remains after management has implemented corrective actions or accepted the risk. Follow-up audits should focus on verifying whether the residual risk is within acceptable levels and whether the corrective actions are effective and sustainable. Audit cycle defined in the audit plan, complexity of management’s action plans, and recommendation from executive management are not valid criteria for prioritizing follow-up audits, because they do not consider the residual risk from previous audits.
References: CISA Review Manual (Digital Version), Chapter 2, Section 2.4.3