Howdy, in the CISA course
there is a part in the IS Audit Functions where he goes over steps. Step 4 says PERFORM A RISK ANALYSIS. But since we're planning, isn't that putting the cart before the horse? Step 5 is SET THE AUDIT SCOPE. But if I perform a RISK ANALYSIS first then I may overshoot the scope completely because I haven't seen the limits of what I am supposed to do with STEP 5.
HELP BECAUSE I DO NOT UNDERSTAND. Starts at 23:11 of the IS AUDIT FUNCTIONS lesson.
Thanks,
Mike Long
CISA: Certified Information Systems Auditor
ISACA
/ Governance
/ IT Audit
/ DoDD 8570