itauditsecurity.wordpress.com
Plan to Test the Test Plan
Always test the test plan and make sure it actually tests the control or risk being assessed. And make sure the tester (especially when you are observing the tester rather than performing the test …