Certified in Risk and Information Systems Control (CRISC) — Question 237

Which of the following is MOST important for a risk practitioner to provide to the internal audit department during the audit planning process?

Answer options

• A. Closed management action plans from the previous audit
• B. Annual risk assessment results
• C. An updated vulnerability management report
• D. A list of identified generic risk scenarios

Correct answer: B

Explanation

The correct answer is B, as the annual risk assessment results provide an overview of the organization's risk landscape, which is essential for planning the audit effectively. The other options, while useful, do not offer the same level of comprehensive insight into current risks as the annual risk assessment does.