Certified Information Systems Auditor (CISA) — Question 1441

What is the PRIMARY reason for conducting a risk assessment when developing an annual IS audit plan?

Answer options

• A. Identify and prioritize audit areas
• B. Determine the existence of controls in audit areas
• C. Provide assurance material items will be covered
• D. Decide which audit procedures and techniques to use

Correct answer: A

Explanation

The primary objective of conducting a risk assessment is to identify and prioritize audit areas that pose the highest risk, ensuring that the audit plan addresses the most critical issues. The other options, while important, focus on aspects of the audit process rather than the primary goal of establishing priorities based on risk.