Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
Which of the following should be the PRIMARY basis for prioritizing follow-up audits?
The primary basis for prioritizing follow-up audits should be the residual risk from the findings of previous audits. Residual risk refers to the level of risk that remains after controls and corrective actions have been implemented. By focusing on areas with higher residual risk, organizations can address the most significant vulnerabilities that still pose threats despite previous efforts, ensuring that resources are allocated where they can most effectively mitigate risks.
C. Residual risk from the findings of previous audits
prioritize based on residual risk
Residual risk refers to the level of risk that remains after management has implemented corrective actions or mitigating controls in response to findings from previous audits. Prioritizing follow-up audits based on residual risk allows organizations to focus on areas where significant risks still exist despite previous remediation efforts. By addressing residual risks first, organizations can ensure that their audit resources are allocated effectively to mitigate the most significant threats to the organization's objectives.