How do we determine that this allocation is optimal?How well do the enterprise’s controls currently function?

The Complete Guide to Cybersecurity Risks and Controls

How do we currently monitor controls?

How well do the enterprise’s controls currently
function?

How do we currently allocate internal audit resources?

How do we determine that this allocation is optimal?

What costs and unintended risks do our current
methods of controls monitoring and auditing create?