In a risk-based audit approach, the auditor identifies risk to the organization
based on the nature of the business. In order to plan an annual audit cycle, the
types of risk must be ranked. To rank the types of risk, the auditor must first
define the audit universe by considering the IT strategic plan, organizational
structure and authorization matrix.
No comments:
Post a Comment