Which THREE of the following are key components of an IT risk assessment report as per ISACA guidelines?
Trap 1: Detailed results of control testing
Control testing results are part of control assessments.
Trap 2: Cost-benefit analysis of risk responses
Cost-benefit analysis is performed during risk response selection.
- A
Detailed results of control testing
Why wrong: Control testing results are part of control assessments.
- B
Cost-benefit analysis of risk responses
Why wrong: Cost-benefit analysis is performed during risk response selection.
- C
Identified risk scenarios and their risk levels
Risk scenarios and levels are core to the assessment report.
- D
Residual risk after implementing controls
Residual risk is a key output.
- E
Recommended risk response options
Recommendations are part of the report.