ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 717 discussion

Actual exam question from Isaca's CISA
Question #: 717
Topic #: 1
[All CISA Questions]

During an audit of an organization's risk management practices, an IS auditor finds several documented IT risk acceptances have not been renewed in a timely manner after the assigned expiration date. When assessing the severity of this finding, which mitigating factor would MOST significantly minimize the associated impact?

  • A. There are documented compensating controls over the business processes.
  • B. The risk acceptances with issues reflect a small percentage of the total population.
  • C. The business environment has not significantly changed since the risk acceptances were approved.
  • D. The risk acceptances were previously reviewed and approved by appropriate senior management.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Jag127 at Feb. 13, 2023, 9:16 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
9967be3
6 days, 23 hours ago
Selected Answer: A
It can not be answer C because unchanged business environment helps justify delays but doesn’t mitigate active threats.
upvoted 1 times
...
pLulu
5 months, 2 weeks ago
C. If the business environment remains largely unchanged, the risks identified and accepted previously are likely still relevant and the controls in place may still be effective. This stability reduces the urgency and potential impact of not renewing the risk acceptances on time.
upvoted 1 times
...
RS66
9 months, 3 weeks ago
C. The business environment has not significantly changed since the risk acceptances were approved.
upvoted 2 times
...
a84n
1 year ago
Selected Answer: D
Answer D Option D emphasizes that the risk acceptances were previously reviewed and approved by appropriate senior management. This suggests that the risks were assessed and accepted at a higher level of authority, providing a level of assurance that the risks were understood and acknowledged by the organization's leadership. Therefore, in this context, Option D represents a more significant mitigating factor.
upvoted 1 times
...
Jag127
2 years, 2 months ago
Selected Answer: C
You should check whether there are changes to the business environment then check whether the compensating controls are still effective.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago