What are the functions of the auditor while analyzing risk?
Each correct answer represents a complete solution. Choose three.
A.
Aids in determining audit objectives
B.
Identify threats and vulnerabilities to the information system
C.
Provide information for evaluation of controls in audit planning
D.
Supporting decision based on risks
Explanation:
A risk analysis involves identifying the most probable threats to an organization and analyzing the
related vulnerabilities of the organization to these threats. A risk from an organizational
perspective consists of:
Threats to various processes of organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence from threat.
Impact on assets from threat and vulnerability.
Risk analysis allows the auditor to do the following tasks :
Threats to various processes of organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence from threat.
Impact on assets from threat and vulnerability.Risk analysis allows the auditor to do the following tasks :
Identify threats and vulnerabilities to the enterprise and its information system.
Provide information for evaluation of controls in audit planning.
Aids in determining audit objectives.
Supporting decision based on risks.
Answer B is incorrect. Auditors identify threats and vulnerability not only in the IT but the whole
enterprise as well.