While performing a risk-based audit, which of the following would BEST enable an IS auditor to identify and categorize risk?
A. Understanding the control framework
B. Developing a comprehensive risk model
C. Understanding the business environment
D. Adopting qualitative risk analysis
A. Understanding the control framework
B. Developing a comprehensive risk model
C. Understanding the business environment
D. Adopting qualitative risk analysis