Isaca
CISA · Question #255
CISA Question #255: Real Exam Question with Answer & Explanation
Submitted by helene.fr · Apr 18, 2026 · Governance and Management of IT
Question
Following an IT audit, management has decided to accept the risk highlighted in the audit report. Which of the following would provide the MOST assurance to the IS auditor that management is adequately balancing the needs of the business with the need to manage risk?
Options
- A. Potential impact and likelihood are adequately documented.
- B. Established criteria exist for accepting and approving risk.
- C. A communication plan exists for informing parties impacted by the risk.
- D. Identified risk is reported into the organization's risk committee.
Topics
#Risk acceptance criteria #IT risk governance #Risk management process #Auditor assurance