Certified Information Systems Auditor (CISA) — Question 1409

Which of the following BEST enables the timely identification of risk exposure?

Answer options

• A. Control self-assessment (CSA)
• B. Internal audit review
• C. Stress testing
• D. External audit review

Correct answer: A

Explanation

Control self-assessment (CSA) allows organizations to continuously monitor and evaluate their own risk management processes, leading to timely identification of risk exposures. Internal and external audits, while important, are typically conducted less frequently and may not provide immediate insights. Stress testing is useful for understanding potential impact under extreme conditions but does not directly identify risk exposure in a timely manner.