________ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a _________________ risk assessment is more appropriate. Fill in the blanks.

________ risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a _________________ risk assessment is more appropriate. Fill in the blanks.
A . Quantitative; qualitative
B . Qualitative; quantitative
C . Residual; subjective
D . Quantitative; subjective

View Answer

Answer: A

Explanation:

Quantitative risk analysis is not always possible because the IS auditor is attempting to calculate risk using nonquantifiable threats and potential losses. In this event, a qualitative risk assessment is more appropriate.