Distinguish between a controls reliance audit and a substantive audit. Which approach should an auditor consider to be most effective?
What are examples of how an auditor might change (a) the nature of risk response, (b) the timing of risk response, and (c) the extent of risk response?