The use of risk assessment tools for classifying risk factors should be formalized in your IT audit
effort through:
A.
the use of risk controls.
B.
the use of computer assisted functions.
C.
using computer assisted audit technology tools.
D.
the development of written guidelines.
E.
None of the choices.
Explanation:
A successful risk-based IT audit program could be based on an effective scoring system. In
establishing a scoring system, management should consider all relevant risk factors and avoid
subjectivity. Auditors should develop written guidelines on the use of risk assessment tools and
risk factors and review these guidelines with the audit committee.