From the course: Certified Information Systems Auditor (CISA) Cert Prep

Risk-based audit, part 1

- [Instructor] Our next section is Risk-Based Audit Planning. So when we talk about risk, and at the end of the day that's really what it's all about, right? We are mitigating risk to a degree that's acceptable to senior leaders. So we want to focus first on ISRM, Information Security Risk Management. So we're obviously taking our risk management skills and applying them to information technology. Now I like this definition because this involves identifying, assessing, and treating risks to the CIA triad of an organization's assets. So what we're trying to do here is to treat risks to the CIA triad and to mitigate those risks to a degree, or reduce those risks to a degree that's acceptable. Now in order to do that, we have to have planning in place, right? You always have to plan. So what our focus is, is that we're going to direct our efforts to the area with the highest degree of risk. So the risk assessment is going to drive our audit schedule. We're prioritizing based on risk…