The nature and scope of work are agreed upon with the client.
Example:
- Assessment - the auditor examines and evaluates past, present or future aspects of operations and renders information that helps decision making. E.g. assess security risks, assess proposed controls
- Facilitation - The auditor does not judge organizational performance but guide management in identifying improvement opportunities e.g. Control Risk Self Assessment
- Remediation - The auditor assumes a direct role to prevent or remediate known or suspected problems on behalf of a client e.g. review proposed policies
No comments:
Post a Comment