An effective audit strategy and audit plan covers the main risks to the achievement of a company's objectives.
In the end all risks should be understood in the context of an organization's processes and activities. To this end risks should be identified, explained and be addressed in a process context.
To communicate the audit strategy and plan to the Board and senior management in a process context will provide better understanding and acceptance of the assurance goals.
Mapping the main business processes will also provide a common reference for an organization's management at all levels. Based on his assurance mission, the Chief Audit executive (CAE) is well versed to take the lead for explicit risk based process mapping.
Based on the intuitive and easy to use SIPOC methodology:
Source / Supplier > Input > PROCESS > Output > Customer / Destination