When setting the scope for the identification and assessment of key risks and controls in a process, which of the following would be the least appropriate approach?
A.
Develop the scope of the audit based on a bottom-up perspective to ensure that all business objectives are considered.
B.
Develop the scope of the audit to include controls that are necessary to manage risk associated with a critical business objective.
C.
Specify that the auditors need to assess only key controls, but may include an assessment of non-key controls if there is value to the business in providing such assurance.
D.
Ensure the audit includes an assessment of manual and automated controls to determine whether business risks are effectively managed.
D is a typical process of identifying key controls.
A is for deciding the audit scope and objectives, which should be done before starting the individual audit, in whch auditors identify key risks and controls.
upvoted 1 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
chewchew
2 months, 3 weeks agoGuest4768
2 months, 2 weeks ago