risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a _________ risk assessment is more appropriate. Fill in the blanks.

Posted by: Pdfprep Category: CISA Tags: CISA exam questions, CISA practice exam, CISA Certificaton Post Date: November 19, 2020

________ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a _________________ risk assessment is more appropriate. Fill in the blanks.
A . Quantitative; qualitative
B . Qualitative; quantitative
C . Residual; subjective
D . Quantitative; subjective

Answer: A

Explanation:

Quantitative risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a qualitative risk assessment is more appropriate.

Author

Pdfprep