An audit charter should:
A . be dynamic and change often to coincide with the changing nature of technology and the audit profession.
B . clearly state audit objectives for, and the delegation of, authority to the maintenance and review of internal controls.
C . document the audit procedures designed to achieve the planned audit objectives.
D . outline the overall authority, scope and responsibilities of the audit function.
Answer: D
Explanation:
Full risk assessment determines the level of protection most appropriate to a given level of risk, while the baseline approach merely applies a standard set of protection regardless of risk. There is a cost advantage in not overprotecting information.
However, an even bigger advantage is making sure that no information assets are over- or under protected. The risk assessment approach will ensure an appropriate level of protection is applied, commensurate with the level of risk and asset value and, therefore, considering asset value. The baseline approach does not allow more resources to be directed toward the assets at greater risk, rather than equally directing resources to all assets.
Leave a Reply