An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?
A. The scope and stakeholders of the audit
B. The organizational structure of the security office
C. The policies and framework used by the security office
D. Acceptance of the audit risks and opportunities