Certified Information Systems Auditor (CISA) — Question 712
Which of the following is the PRIMARY reason to perform a risk assessment?
Answer options
- A. To determine the current risk profile
- B. To ensure alignment with the business impact analysis (BIA)
- C. To help allocate budget for risk mitigation controls
- D. To achieve compliance with regulatory requirements
Correct answer: A
Explanation
The primary goal of a risk assessment is to determine the current risk profile, which helps organizations understand their vulnerabilities and threats. While ensuring alignment with BIA, budgeting for risk mitigation, and achieving compliance are important, they are secondary to identifying and understanding the risks that the organization faces.