When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
Developing the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered would be the least appropriate approach. This method might result in an audit that is too broad and not focused on key risks and controls. Instead, an audit scope should be tailored to address specific, critical business objectives and associated risks to provide value. The other options provide more targeted and practical approaches for setting the scope of the audit.
Why not D?
D is a typical process of identifying key controls. A is for deciding the audit scope and objectives, which should be done before starting the individual audit, in which auditors identify key risks and controls.