The Best Strategy to Prioritize Work in Follow-Up Audits

B.

When planning a follow-up audit, it is important to have a strategy for prioritizing the work to ensure that the audit resources are allocated in the most effective way.

Option A, targeting risks that are most easily mitigated, is not necessarily the best strategy for prioritizing work. While these risks may be easier to address, they may not be the most critical or high-risk areas of the organization.

Option B, agreeing on priorities with risk owners, is a good strategy as it involves collaborating with the individuals responsible for managing the risks to prioritize the areas that need the most attention. This helps to ensure that the audit is focused on the most significant risks and that the risk owners are engaged in the audit process.

Option C, targeting the areas of highest risk, is generally considered the best strategy for prioritizing work when planning a follow-up audit. This approach involves identifying the areas of the organization that pose the greatest risk and targeting the audit resources to those areas. By focusing on the highest-risk areas, the audit can help to identify and mitigate potential vulnerabilities and prevent significant harm to the organization.

Option D, targeting risks not reported as mitigated by risk owners, may also be a useful strategy, particularly if there are areas of the organization where the risk owners have not taken action to mitigate identified risks. In this case, the audit can help to identify why the risks have not been addressed and work with the risk owners to develop a plan to mitigate them.

In summary, while all of the options have some merit, targeting the areas of highest risk (Option C) is generally considered the best strategy for prioritizing work when planning a follow-up audit. However, it may be useful to also collaborate with risk owners (Option B) and target risks that have not been addressed by the owners (Option D) in order to ensure a comprehensive and effective audit.