What is the the most common approach used by the auditor to familiarize with ICS and CR (control risk) assessment?
The most common approach used by the auditor is as follows: