The use of risk assessment tools for classifying risk factors should be formalized in your IT audit effort through:
What should be done to determine the appropriate level of audit coverage for an organization’s IT environment?
Well-written risk assessment guidelines for IS auditing should specify which of the following elements at the least (choose all that apply):