Certified Information Systems Auditor (CISA) — Question 1446

An organization has developed mature risk management practices that are followed across all departments. What is the MOST effective way for the audit team to leverage this risk management maturity?

Answer options

• A. Implementing risk responses on management's behalf
• B. Providing assurances to management regarding risk
• C. Facilitating audit risk identification and evaluation workshops
• D. Integrating the risk register for audit planning purposes

Correct answer: D

Explanation

The correct answer, D, highlights the importance of using the risk register to inform audit planning, ensuring that audits are aligned with the most significant risks. Option A is incorrect because the audit team should not take on management's responsibilities. Option B is less effective as it does not directly leverage the maturity of risk management practices. Option C, while useful, does not integrate the risk management processes into the audit planning as effectively as option D.