Certified Information Systems Auditor (CISA) — Question 941

Which of the following is an example of inherent risk?

Answer options

• A. Quality assurance (QA) processes may not effectively reduce errors.
• B. An approval process may not detect significant errors.
• C. The organization may not comply with regulations.
• D. Projects may still be delayed despite management controls.

Correct answer: C

Explanation

The correct answer is C, as inherent risk refers to the possibility of non-compliance with regulations due to the nature of the business environment. Options A, B, and D illustrate risks related to processes and controls but do not capture the essence of inherent risks that arise from external factors and regulations.