CISA Question #351: Real Exam Question with Answer & Explanation

The correct answer is A: It helps to identify areas with a relatively high probability of material problems. The primary purpose of a risk assessment in an audit context is to direct audit resources toward areas where material problems are most likely to exist-ensuring audit effort is spent where it matters most. Risk assessment drives audit planning and scoping decisions. The other opt

Submitted by fatima_kr· Apr 18, 2026Information System Auditing Process

Question

Which of the following is the PRIMARY reason for an IS auditor to perform a risk assessment?

Options

AIt helps to identify areas with a relatively high probability of material problems
BIt provides a basis for the formulation of corrective action plans
CIt helps to identify areas that are most sensitive to fraudulent or inaccurate practices
DIt increases awareness of the types of management actions that may be inappropriate

Explanation

The primary purpose of a risk assessment in an audit context is to direct audit resources toward areas where material problems are most likely to exist-ensuring audit effort is spent where it matters most. Risk assessment drives audit planning and scoping decisions. The other options (developing corrective actions, identifying fraud-sensitive areas, raising management awareness) are secondary benefits or downstream activities that follow from the audit itself, not the primary reason for conducting the risk assessment.

Topics

#Audit Risk Assessment#Audit Planning#Risk Identification#Materiality

Community Discussion

No community discussion yet for this question.

Full CISA Practice Browse All CISA Questions