Which of the following statements is true for risk analysis?

A. Risk analysis should assume an equal degree of protection for all assets.

B. Risk analysis should give more weight to the likelihood than the size of loss.

C. Risk analysis should limit the scope to a benchmark of similar companies.

D. Risk analysis should address the potential size and likelihood of loss.

Explanation:

A risk analysis deals with the potential size and likelihood of loss. A risk analysis involves identifying the most probable threats to an organization and analyzing the related vulnerabilities of the organization to these threats.

A risk from an organizational perspective consists of:
Threats to various processes of the organization.
Threats to physical and information assets.
Likelihood and frequency of occurrence of a threat.
Impact on assets from threat and vulnerability.

Risk analysis allows the auditor to do the following tasks:
Identify threats and vulnerabilities to the enterprise and its information system.
Provide information for evaluation of controls in audit planning.
Aid in determining audit objectives.
Support decisions based on risks.

Answer B is incorrect. Since the likelihood determines the size of the loss, both elements must be considered in the calculation.

Answer C is incorrect. A risk analysis would not normally consider the benchmark of similar companies as providing relevant information other than for comparison purposes.

Answer A is incorrect. Assuming an equal degree of protection would only be rational in the rare event that all the assets are similar in sensitivity and criticality. Hence this is not practiced in risk analysis.


