Golgappa.net | Golgappa.org | BagIndia.net | BodyIndia.Com | CabIndia.net | CarsBikes.net | CarsBikes.org | CashIndia.net | ConsumerIndia.net | CookingIndia.net | DataIndia.net | DealIndia.net | EmailIndia.net | FirstTablet.com | FirstTourist.com | ForsaleIndia.net | IndiaBody.Com | IndiaCab.net | IndiaCash.net | IndiaModel.net | KidForum.net | OfficeIndia.net | PaysIndia.com | RestaurantIndia.net | RestaurantsIndia.net | SaleForum.net | SellForum.net | SoldIndia.com | StarIndia.net | TomatoCab.com | TomatoCabs.com | TownIndia.com
Interested to Buy Any Domain ? << Click Here >> for more details...

  1. Categories >> Certifications >> CISA Certification
  2. Suggest New Category

A team conducting a risk analysis is having difficulty
projecting the financial losses that could result from a
risk. To evaluate the potential losses the team should:

A. compute the amortization of the related assets.

B. calculate a return on investment (ROI).

C. apply a qualitative approach.

D. spend the time needed to define exactly the loss amount.

Question Posted / guest


A team conducting a risk analysis is having difficulty projecting the financial losses that could r..

Answer / guest

Answer: C

The common practice, when it is difficult to calculate the
financial losses, is to take a qualitative approach, in
which the manager affected by the risk defines the financial
loss in terms of a weighted factor (e.g., 1 is a very low
impact to the business and 5 is a very high impact). A ROI
is computed when there is a predictable savings or revenues,
which can be compared to the investment needed to realize
the revenues. Amortization is used in a profit and loss
statement, not in computing potential losses. Spending the
time needed to define exactly the total amount is normally a
wrong approach. If it has been difficult to estimate
potential losses (e.g., losses derived from erosion of
public image due to a hack attack) that situation is not
likely to change, and at the end of the day, you will arrive
with a not well-supported evaluation.

Is This Answer Correct ?    3 Yes 1 No

Post New Answer

More CISA Certification Interview Questions

Which of the following is an output control objective? A. Maintenance of accurate batch registers B. Completeness of batch processing C. Appropriate accounting for rejections and exceptions D. Authorization of file updates

2 Answers  

A large chain of shops with EFT at point-of-sale devices has a central communications processor for connecting to the banking network. Which of the following is the BEST disaster recovery plan for the communications processor? A. Offsite storage of daily backups B. Alternative standby processor onsite C. Installation of duplex communication links D. Alternative standby processor at another network node

3 Answers  

In regard to moving an application program from the test environment to the production environment, the BEST control would be provided by having the: A. application programmer copy the source program and compiled object module to the production libraries. B. as paul says, C. production control group compile the object module to the production libraries using the source program in the test environment. D. production control group copy the source program to the production libraries and then compile the program.

1 Answers  

An offsite information processing facility having electrical wiring, air conditioning and flooring, but no computer or communications equipment is a: A. cold site. B. warm site. C. dial-up site. D. duplicate processing facility.

2 Answers  

Which of the following is a disadvantage of image processing? A. Verifies signatures B. Improves service C. Relatively inexpensive to use D. Reduces deterioration due to handling

3 Answers   Wipro,

Which of the following is a substantive audit test? A. Verifying that a management check has been performed regularly B. Observing that user IDs and passwords are required to sign on the computer C. Reviewing reports listing short shipments of goods received D. Reviewing an aged trial balance of accounts receivable

1 Answers  

Many IT projects experience problems because the development time and/or resource requirements are underestimated. Which of the following techniques would provide the GREATEST assistance in developing an estimate of project duration? A. Function point analysis B. PERT chart C. Rapid application development D. Object-oriented system development

1 Answers  

Which of the following sampling methods is MOST useful when testing for compliance? A. Attribute sampling B. Variable sampling C. Stratified mean per unit D. Difference estimation

1 Answers  

Which of the following is a measure of the size of an information system based on the number and complexity of a system's inputs, outputs and files? A. Program evaluation review technique (PERT) B. Rapid application development (RAD) C. Function point analysis (FPA) D. Critical path method (CPM)

1 Answers  

Functional acknowledgements are used: A. as an audit trail for EDI transactions. B. to functionally describe the IS department. C. to document user roles and responsibilities. D. as a functional description of application software.

1 Answers   CISA,

IS auditors reviewing access control should review data classification to ensure that encryption parameters are classified as: A. sensitive. B. confidential. C. critical. D. private.

1 Answers  

Which of the following is a substantive test?

3 Answers  

For more CISA Certification Interview Questions Click Here
Categories
  • Cisco Certifications Interview Questions Cisco Certifications (2321)
  • Microsoft Certifications Interview Questions Microsoft Certifications (171)
  • Sun Certifications Interview Questions Sun Certifications (45)
  • CISA Certification Interview Questions CISA Certification (744)
  • Oracle Certifications Interview Questions Oracle Certifications (64)
  • ISTQB Certification Interview Questions ISTQB Certification (109)
  • Certifications AllOther Interview Questions Certifications AllOther (295)