1: Risk Assessment Flashcards

1
Q

What are the elements of risk

A

Probability & Impact

Vulnerability & Threat

2
Q

What is risk formula

A

Risk = Probability X Impact
or
Risk = Asset Value X Vulnerability X Threat

3
Q

What is vulnerability

A

Vulnerability means weak or defenseless

4
Q

What is a threat

A

Threat means something that can exploit the weakness

5
Q

Is there a threat for a useless system?

A

Even though vulnerability is high for a useless system, there is no threat

6
Q

Steps of Risk assessment

A

1- Identify critical assets/processes.
2- Identify relevant risks (vulnerability and threat).
3- Do impact analysis (qualitative and quantitative).
4- Risk prioritization.
5- Risk treatment.

7
Q

Question:
An IS auditor has identified certain threats and vulnerabilities in a business process. Next, the IS auditor
should:

A. identify stakeholder for that business process.
B. identify information assets and the underlying systems.
C. disclose the threats and impacts to management.
D. identify and evaluate the existing controls.

A

Answer

C. disclose the threats and impacts to management.

8
Q

Avoid confusion between Threat and vulnerability

A

1- A threat is what we’re trying to protect against. Threats are not in our control.

2- Vulnerability is a weakness or gap in our protection efforts. Vulnerabilities can be controlled by us.

9
Q
Question:
Absence of proper security measures represents a(n):
A. threat.
B. asset.
C. impact.
D. vulnerability.
A

Answer:

D. vulnerability.

10
Q

Types of Risk

A

Inherent
Residual
Detection
Control

11
Q

Inherent Risk

A

The risk that an activity poses if no controls were in place.

12
Q

Residual Risk

A

The risk that remains after controls are taken into account (net risk or risk after controls).

13
Q

Detection risk

A

Detection risk is the possibility that an auditor will overlook errors or exceptions during an audit. Detection risk should be assessed at the beginning of the risk assessment.

14
Q

Control risk

A

Control risk is the probability that financial statements are materially misstated due to failures in the system of controls used by a business.

15
Q

Audit risk

A

The risk that the financial statements are materially incorrect, even though the audit opinion states that the financial reports are free of any material misstatements.

16
Q

Audit Risk Formula

A

Audit Risk = Inherent Risk X Control Risk X Detection Risk

17
Q

Risk treatment

A

  • Risk Mitigation/Risk Reduction
  • Risk Avoidance
  • Risk Acceptance
  • Risk Transfer