Welcome » IT Booklets » Audit » Risk Assessment and Risk-Based Auditing » Program Elements
Properly designed risk-based audit programs increase audit efficiency and effectiveness. The sophistication and formality of risk-based audits may vary depending on the institution's size and complexity. To determine the appropriate level of audit coverage for the organization's IT environment, management should define an effective risk assessment methodology. This assessment methodology should provide the auditor and the board with objective information to prioritize the allocation of audit resources properly. Risk-based IT audit programs should: