nerdexam
ExamsCISAQuestions#470
IsacaIsaca

CISA · Question #470

CISA Question #470: Real Exam Question with Answer & Explanation

The correct answer is D: The organization's risk appetite and risk tolerance. Before adopting an IaaS platform, it is essential for the IS auditor to ensure that the risks associated with cloud migration align with the organization’s defined risk appetite and tolerance. This determines whether the organization can accept or mitigate the potential risks inh

Submitted by ricky.ec· Apr 18, 2026Governance and Management of IT

Question

An organization is deciding whether to move on-premise workloads to a third-party Infrastructure as a Service (IaaS) platform. Which of the following is MOST important for an IS auditor to consider when evaluating the potential risks?

Options

  • AThe provider's risk assessment and risk mitigation procedures
  • BSecurity clauses documented within cloud service agreements
  • CThe organization's external business environment
  • DThe organization's risk appetite and risk tolerance

Explanation

Before adopting an IaaS platform, it is essential for the IS auditor to ensure that the risks associated with cloud migration align with the organization’s defined risk appetite and tolerance. This determines whether the organization can accept or mitigate the potential risks inherent in using third-party infrastructure services.

Topics

#Risk Management#Risk Appetite#Cloud Computing#IS Audit Considerations

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CISA PracticeBrowse All CISA Questions