The basic concept of "risk-based auditing" is that audit plans should be tailored in a way that focuses more effort on the higher-risk areas at a company, and less on lower-risk areas.
The AICPA, Association of Certified Fraud Examiners, and Institute of Internal Auditors have jointly issued a draft version of "Managing the Business Risk of Fraud: A Practical Guide."
SAS No. 114 expands the items an auditor is required to communicate to the board of directors (or other governing body).
FIN 48, Accounting for Uncertainty in Income Taxes, the Financial Accounting Standards Board has prescribed specific rules governing financial accounting for income taxes.
Find out the differences between vulnerability assessments and penetration testing so that you can determine which option makes the most sense for your business.