Question: Do you believe that an evaluation of an organization's control environment will provide the same level of risk assurance as a more traditional evaluation of the organization's information security program and the controls it has implemented? Why or why not? Cite a minimum of one scholarly source other than your course text to support your opinion.