Q). When an IT Auditor is using a Risk-based Audit Program, he would MOST likely focus on which one of the following?

A. Business processes
B. Critical IT applications
C. Corporate objectives
D. Business strategies

Answer:

A risk-based audit approach looks at each business process from a risks and controls angle. The entire purpose of a risk based audit approach is to identify, quantify and analyze the risk. On this basis the impact of the risk materializing can then be found out. Thus, the answer is 'A' Business Processes.