An IS auditor is planning a risk-based audit of the human resources department. The department uses separate systems for its payroll, training and employee performance review functions. What should the IS auditor do FIRST before identifying the key controls to be tested?
A. Determine the inherent risk related to each system.
B. Determine the number of samples to be tested for each system.
C. Assess the control risk associated with each system.
D. Identify the technical skills and resources needed to audit each system.
A. Determine the inherent risk related to each system.
B. Determine the number of samples to be tested for each system.
C. Assess the control risk associated with each system.
D. Identify the technical skills and resources needed to audit each system.