How should I approach this audit execution problem without missing the real risk?
I am worried about missing the root issue because the workpaper steps feel too mechanical. The source discussion was triggered by 'How does your internal Audit determine the rating for a finding? (H, M, L)'. The practical concern underneath it was: I am in IT audit and want to learn the best process to decide if a finding is Hogh, Medium or Low. How does your team decide on a rating for a finding? Do you use the financial impact or security risk or got feeling?
Unlock with Scholar — $19/month
Get full access to all Q&A answers, practice question explanations, and progress tracking.
No credit card required for free trial
Master Part 2 with our CIA Course
45 lessons · 90+ hours· Expert instruction
Related Questions
How should I scope a CIA Challenge Exam plan so I cover what matters without duplicating material?
How should I scope a CIA Challenge Exam plan so I cover what matters without duplicating material?
How should I scope a CIA Challenge Exam plan so I cover what matters without duplicating material?
How should I think through this internal-audit issue: CIA Exit Requirement?
How should I prepare for an internal-audit interview so I sound operational, not generic?
Join the Discussion
Ask questions and get expert answers.