
The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam by John Kramer

7.3. Evaluating the Design and Implementation of Risk Controls

As you review business processes and the information systems those processes use to perform the work of the organization, you should methodically identify the risks and categorize them for each situation and process step you encounter. Defining "what can go wrong" in this way is part of a risk assessment that can then be used to build a risk management program for the process or entity being reviewed. Once the risks are identified in raw form, they provide the basis for identifying controls that would reduce the exposure to those risks, making the process less likely to experience the losses associated with each identified risk. Some controls work better than others, and some cost more than others to implement and maintain. Finding the correct balance of cost, risk, and controls is the primary area of expertise that IS auditors can develop and offer as a service to their clients over time.

You will need to determine what level of risk control and mitigation is required to reduce the exposure to acceptable levels before going any further. The acceptable level is defined by the business process owners because they are the people accountable for the risk of loss and gain by performing the business process in the first place. If they do not agree to a level of acceptable risk, this analysis will become a subjective exercise and its effectiveness will be severely limited. Identifying acceptable risk and ...
