ABSTRACT

By this point in the audit, you have acquired a firm understanding of the objectives of the area, application, or process under review as well as the major steps that comprise the functions or process. You have considered and documented the risk events that could threaten the achievement of the area’s objectives. You have prioritized these risks so that you are focused on those that could cause the most damage. You understand the causes of the risk events and the consequences if they were to occur. You have considered management’s risk response, that is, whether management has decided to accept, transfer, or internally control the risk. Lastly, you have interviewed management, done some research, and observed the area in operation to identify and evaluate the design of the preventive and detective controls that management has put in place to address these risks.