Certified Information Systems Auditor (CISA) — Question 241

Which of the following would be MOST important to include in an IS audit report?

Answer options

• A. Observations not reported as findings due to inadequate evidence
• B. The roadmap for addressing the various risk areas
• C. Specific technology solutions for each audit observation
• D. The level of unmitigated risk along with business impact

Correct answer: D

Explanation

The correct answer, D, highlights the importance of understanding the level of unmitigated risk and its potential impact on the business, which is crucial for decision-making. Options A and C are less relevant as they do not directly address the overall risk management within the organization. Option B, while important, does not convey the same urgency as understanding the current risk level and its implications.