Certified Information Systems Auditor (CISA) — Question 114

Which of the following BEST indicates that an organization's risk management practices contribute to the effectiveness of internal IS audits?

Answer options

• A. The audit team participates in risk scenario development workshops.
• B. The audit department utilizes the corporate risk register.
• C. The audit department uses the existing risk analysis templates.
• D. The audit department follows the same reporting format used by the IT risk function.

Correct answer: B

Explanation

The correct answer, B, indicates that the audit department's use of the corporate risk register directly aligns with the organization's risk management practices, thereby enhancing the effectiveness of audits. Options A, C, and D, while relevant, do not demonstrate a direct contribution to the overall effectiveness of the audit process in the same way that utilizing the corporate risk register does.