Certified Information Systems Auditor (CISA) — Question 654

Which of the following is MOST important for an IS auditor to consider when performing the risk assessment prior to an audit engagement?

Answer options

• A. Industry standards and best practices
• B. The amount of time since the previous audit
• C. The results of the previous audit
• D. The design of controls

Correct answer: C

Explanation

The results of the previous audit provide critical insights into past findings, areas of concern, and the effectiveness of controls, making them crucial for identifying current risks. While industry standards, the time since the last audit, and control design are important, they do not offer as direct a reflection of the organization's unique risk landscape as previous audit results do.