
CISA Exam-Testing Concept-Knowledge of Risk Assessment


Testing Concept-Knowledge of Risk Assessment

Hemang Doshi

CISA, ACA, FIII

Objective: The objective of this e-book is to ensure that CISA candidates gain adequate knowledge of risk assessment concepts, tools and techniques in an audit context. The Question Answer and Explanation (QAE) items on risk assessment concepts are designed in accordance with the CISA exam pattern. This small e-book will help CISA candidates attempt questions on the concept of risk assessment more confidently and correctly (we can expect at least 10 to 15 questions on this concept in the CISA exam).

Details about E-Book:

ISACA Testing Concept: Knowledge of Risk Assessment concepts, tools and techniques in an audit context.

Approximate number of questions in the CISA exam on the 'Risk Assessment' concept: 10 to 15 (Please note that the author appeared twice in the CISA exam. The count of questions has been approximated on the basis of the author's experience in the CISA examination and interaction with other qualified CISAs.)

Candidates need to know:

-What is Risk?

-Steps of Risk Assessment

-Difference between vulnerability & threat

-Types of Risk

-Risk Treatment

-Question Answer and Explanation (QAE) on the risk assessment concept.

What is Risk?

You may know any number of definitions and formulas for risk. For the CISA exam, however, remember only the two formulas below:

(i) In simple terms, risk is the product of probability and impact.

Risk = Probability * Impact

Risk = P * I

OR

(ii) Risk is the product of asset value, vulnerability and threat.

Risk = A * V * T

Steps of Risk Assessment:

-First step is to identify the assets.

-Second step is to identify the relevant risks (vulnerabilities/threats).

-Third step is to do an impact analysis.

-Fourth step is to prioritize the risks on the basis of impact.

-Fifth step is to evaluate the controls.

-Sixth step is to apply appropriate controls.

Difference between threat & vulnerability:

One of ISACA's favourite games in the CISA exam is to get us confused between the terms 'vulnerability' and 'threat'. Let us understand the basic difference between the two so they cannot trick us anymore.

What is a Threat?

A threat is what we are trying to protect against. Our enemy could be an earthquake, fire, hackers, malware, system failure, criminals and many other unknown forces. Threats are not in our control.

What is Vulnerability?

A vulnerability is a weakness or gap in our protection efforts. A vulnerability can take the form of weak coding, missing anti-virus, weak access control and other related factors. Vulnerabilities can be controlled by us.

Types of Risk:

Inherent Risk: The risk that an activity would pose if no controls or other mitigating factors were in place (the gross risk, or risk before controls).

Residual Risk: The risk that remains after controls are taken into account (the net risk, or risk after controls).

Detection Risk: The risk that the auditors fail to detect a material misstatement in the financial statements.

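The six risk-assessment steps and the inherent-versus-residual distinction, worked through as a small risk register. This is an added Python example and not code from the e-book; the asset names, the 1-to-5 scoring scales, the control catalogue and the control effectiveness figures are all constructed assumptions. The scoring is chosen so that Risk = P * I and Risk = A * V * T give the same number (impact is taken as asset value times vulnerability severity), which is a modelling choice for the example, not an ISACA rule.

```python
"""Added example, not from the e-book: a tiny risk register that walks the six
risk-assessment steps and shows inherent vs residual risk. All asset names,
1-5 scores, control names and effectiveness figures are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Control = Tuple[str, float]  # (control name, fraction of risk it removes, 0.0-1.0)


@dataclass
class Asset:
    name: str
    value: int  # A in Risk = A*V*T, on a constructed 1 (low) .. 5 (high) scale


@dataclass
class Risk:
    asset: Asset
    threat: str          # outside our control (hackers, fire, malware ...)
    vulnerability: str   # weakness we can fix (weak coding, missing anti-virus ...)
    likelihood: int      # P in Risk = P*I, also T (how likely the threat acts), 1..5
    severity: int        # V, how badly the vulnerability exposes the asset, 1..5
    controls: List[Control] = field(default_factory=list)

    def impact(self) -> int:
        # Step 3, impact analysis: impact scales with asset value and severity.
        return self.asset.value * self.severity

    def inherent(self) -> int:
        # Gross risk before controls. With this scoring, P*I equals A*V*T.
        return self.likelihood * self.impact()

    def residual(self) -> float:
        # Net risk after controls: each control removes its share of what is left.
        remaining = float(self.inherent())
        for _name, effectiveness in self.controls:
            remaining *= 1.0 - effectiveness
        return round(remaining, 2)


def build_register() -> List[Risk]:
    # Steps 1 and 2: identify assets, then the threat/vulnerability pairs against them.
    customer_db = Asset("customer database", value=5)
    intranet_wiki = Asset("intranet wiki", value=2)
    return [
        Risk(customer_db, "hackers", "weak coding", likelihood=4, severity=5),
        Risk(customer_db, "criminals", "weak access control", likelihood=2, severity=4),
        Risk(intranet_wiki, "malware", "missing anti-virus", likelihood=3, severity=3),
    ]


def prioritize(register: List[Risk]) -> List[Risk]:
    # Step 4: rank by inherent risk, highest first.
    return sorted(register, key=lambda r: r.inherent(), reverse=True)


# Steps 5 and 6: a constructed catalogue of candidate controls per vulnerability.
CONTROL_CATALOGUE: Dict[str, List[Control]] = {
    "weak coding": [("secure code review", 0.5), ("web application firewall", 0.4)],
    "weak access control": [("multi-factor authentication", 0.6)],
    "missing anti-virus": [("endpoint anti-malware", 0.7)],
}


def treat(register: List[Risk], appetite: float) -> List[Risk]:
    # Apply controls, in catalogue order, only while residual risk exceeds appetite.
    for risk in register:
        for control in CONTROL_CATALOGUE.get(risk.vulnerability, []):
            if risk.residual() <= appetite:
                break
            risk.controls.append(control)
    return register


def summary(appetite: float = 20.0) -> List[Tuple[str, str, int, float, bool]]:
    """Run all six steps; report (asset, threat, inherent, residual, within appetite)."""
    register = treat(prioritize(build_register()), appetite)
    return [
        (r.asset.name, r.threat, r.inherent(), r.residual(), r.residual() <= appetite)
        for r in register
    ]


if __name__ == "__main__":
    for row in summary():
        print(row)
```

Running it shows why the two risk types matter in an audit: the "weak coding" risk starts at an inherent score of 100 and, even after both catalogued controls, still carries a residual score of 30 above the appetite of 20, so it would stay on the register as an open finding, while the "weak access control" risk drops under appetite after one control and the wiki risk needs no treatment at all.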
***

Visit: http://www.smashwords.com/books/view/622303 to purchase this book to continue reading. Show the author you appreciate their work!


  • ISBN: 9781310046995
  • Author: Hemang Doshi
  • Published: 2016-03-13 19:20:06
  • Words: 3194