Which of the following should be done FIRST to effectively define the IT audit universe for an entity with multiple business lines?
A. Identify aggregate residual IT risk for each business line.
B. Obtain a complete listing of the entity’s IT processes.
C. Obtain a complete listing of assets fundamental to the entity’s businesses.
D. Identify key control objectives for each business line’s core processes.
A. Identify aggregate residual IT risk for each business line.
B. Obtain a complete listing of the entity’s IT processes.
C. Obtain a complete listing of assets fundamental to the entity’s businesses.
D. Identify key control objectives for each business line’s core processes.