When developing a risk-based audit plan, the BEST source of information is?

In developing a risk-based audit plan, obtaining insight from senior management about key business processes is paramount. Senior management possesses a comprehensive understanding of the organization's strategic objectives and the critical processes that support those objectives. Their perspective enables auditors to align the audit plan with the organization's risk appetite and the processes deemed most vital for achieving performance goals.

By focusing on key business processes identified by senior management, auditors can prioritize areas of higher risk that may have a significant impact on the organization's overall performance and compliance. This insight is essential not only for identifying potential risks but also for ensuring that the audit plan remains relevant and supportive of the organization’s mission and objectives.

While input from process owners, system custodians, and peer auditors is valuable, senior management’s perspective on the organization’s priorities allows auditors to focus on the most significant risks that could affect these processes, making it the best source of information for a risk-based audit plan.