Information Systems Risk Factors, Risk Assessments, and Audit Planning Decisions
Source: Northeastern University
This paper examines systems risk factors identified by external auditors for a sample of their actual audit clients. Specifically, the paper studies two important areas of information systems risk: the risk of breaches in system security and the risk that the information provided by the system is inadequate. To perform the study, the nature of systems risk factors identified is examined, and related those risk factors to the auditors' systems risk assessments and audit test plans.