The approved audit charter outlines the auditor’s responsibility, authority and accountability.

Inherent risk exists independently of an audit and can occur because of the nature of the business. To successfully conduct an audit, it is important to be aware of the related business processes. To perform the audit, the IS auditor needs to understand the business process, and by understanding the business process, the IS auditor better understands the inherent risk.

A risk-based audit approach focuses on the understanding of the nature of the business and being able to identify and categorize risk. Business risk impacts the long-term viability of a specific business. Thus, an IS auditor using a riskbased audit approach must be able to understand business processes.

The risk level or exposure without taking into account the actions that management has taken or might take is inherent risk.

The appropriate option would be to review the systems software as relevant to the review and recommend a detailed systems software review for which additional resources may be recommended

Short- and long-term issues that drive audit planning can be heavily impacted by changes to the risk environment, technologies and business processes of the enterprise

Facilitated workshops work well within business units.