Risk Assessment: Before developing audit engagement objectives, a thorough risk assessment should
be conducted. This step helps identify and prioritize the areas of highest risk, ensuring that the audit
focuses on the most critical issues.
Establishing Objectives: The results of the risk assessment guide the development of specific,
relevant, and focused audit objectives. This ensures that the engagement addresses key risk areas
and adds value to the organization.
Sequential Steps: Identification of controls, scope establishment, and review of resources are
important steps but typically follow the initial risk assessment to ensure the audit is aligned with the
organization's risk profile.
Reference: IIA Standard 2200 - Engagement Planning.
