A. Conduct control testing
B. Conduct substantive testing
A. Low
B. Medium
C. An assessment may target any level of assurance. The key is to define this level prior to setting the purpose and parameters.
D. High
A. Board
B. Internal Controls
C. Risk Management
D. Compliance
E. Information Security
F. Any and all of these roles can conduct assurance activities given the proper purpose and parameters.
G. Management
H. Operators
I. Senior Management
J. Internal Audit
A. Written report by the process owner
B. Vocalized statements by the process owner
C. Written report by an assurance professional
A. How objectives connect and prioritize the risk universe and assessment universe
B. Personal opinion
C. What the latest research reports says
