Which of the following should be seen as one of the most significant factors considered when
determining the frequency of IS audits within your organization?
A.
The cost of risk analysis
B.
The income generated by the business function
C.
Resource allocation strategy
D.
The nature and level of risk
E.
None of the choices.
Explanation:
You use a risk assessment process to describe and analyze the potential audit risks inherent in a
given line of business. You should update such risk assessment at least annually to reflect
changes. The level and nature of risk should be the most significant factors to be considered when
determining the frequency of audits.