1. Discuss the importance of: “Identifying and prioritizing risks is a key component of the audit plan”. Is there a process to follow?
2. Discuss this statement: “Establishing baselines and identifying an acceptable level of risk across the environment provides a starting point for the actual audit”. How is this statement true? Where would you start your development of a baseline?