olemus
ISO Guide 73, ISO 31o73:
asitõendite saamise ja nende objektiivse hindamise
süstemaatiline sõltumatu ja dokumenteeritud protsess
riskihalduse karkassi või mingi sellest valitud osa
adekvaatsuse ja toimivuse määra otsustamiseks
= systematic, independent and documented process for obtaining evidence and evaluating it objectively in order to determine the extent to which the risk management framework, or any selected part of it, is adequate and effective

ülevaateid
https://www.linkedin.com/advice/0/what-value-risk-management-audit-skills-risk-management

https://www.isaca.org/resources/news-and-trends/industry-news/2019/five-steps-for-effective-auditing-of-it-risk-management

https://www.isaca.org/-/media/files/isacadp/project/isaca/articles/journal/2016/volume-2/auditing-is-it-risk-management-part-1_joa_eng_0416

https://www.template.net/business/checklist-templates/risk-management-audit-checklist/

https://lplc.com.au/uploads/main/Resources/Checklists/Risk-Management-audit-checklist.pdf