We are thinking about changing our 2014 approach to annually scheduling departments, processes or other entities to audit by doing the following:
Continue to use risk as a basis for considering entities to audit
Discontinue to audit as many full scope audits of departments, processes or other type entities
Instead schedule more focus or mini-audits by only auditing the high risk areas of the entities or areas of know concerns
Focus more on monitoring material process / information techology projects that convert over to new IT systems
Interested in comments with this change in approach (pros & cons) and if anyone else is already doing this as well as suggestions for IT system conversion projects. As usual any suggestions or concerns to consider are welcomed. Thanks.