Fill in the blanks.

.______________ risk analysis is not always possible because the IS auditor is attempting to
calculate risk using nonquantifiable threats and potential losses. In this event, a ______________
risk assessment is more appropriate. Fill in the blanks.

.______________ risk analysis is not always possible because the IS auditor is attempting to
calculate risk using nonquantifiable threats and potential losses. In this event, a ______________
risk assessment is more appropriate. Fill in the blanks.

A.
Quantitative; qualitative

B.
Qualitative; quantitative

C.
Residual; subjective

D.
Quantitative; subjective

Explanation:

Quantitative risk analysis is not always possible because the IS auditor is attempting to calculate risk
using nonquantifiable threats and potential losses. In this event, a qualitative risk assessment is
more appropriate.

Show Hint

Leave a Reply 0

Your email address will not be published. Required fields are marked *

4 × 2 =