2023 IT Examiner School

Internal Use Only

Risk Assessment: Control Testing • Assurance testing or self-assessments on controls if documented, demonstrates risk monitoring. • Metrics reporting provides evidence of conformance with policies and procedures. • Independent review to test controls reduce bias, increase capabilities, and increase knowledge about threats and technologies. • Independence gives credibility to the test results. • The reports generated from the tests should be prepared by individuals who similarly are independent.

Internal Use Only

Risk Assessment Review & Key Points

• Purpose • Risks • Risk Appetite

• Risk management • Risk Assessment