ExpertHard1 markMultiple Choice
CPA · Question 82 · Area I: Information Systems
An auditor is reviewing the 'Risk Assessment' component of COSO. Which of the following is a prerequisite for risk assessment?
An auditor is reviewing the 'Risk Assessment' component of COSO. Which of the following is a prerequisite for risk assessment?
Answer options:
A.
Monitoring activities
B.
Establishing objectives
C.
Control activities
D.
Information and communication
How to approach this question
You can't have a risk unless you have a goal. Risk = Uncertainty on objectives.
Full Answer
B.Establishing objectives✓ Correct
According to COSO, objectives must be established before management can identify and assess risks to their achievement.
Common mistakes
Thinking controls come before risk assessment.
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard