olemus
ISO 31073:
asitõendite saamise ja nende objektiivse hindamise
süstemaatiline sõltumatu ja dokumenteeritud protsess
riskihalduse karkassi või mingi sellest valitud osa adekvaatsuse ja toimivuse määra otsustamiseks
= systematic, independent and documented process for obtaining evidence and evaluating it objectively in order to determine the extent to which the risk management framework, or any selected part of it, is adequate and effective

ülevaateid
https://www.linkedin.com/advice/0/what-value-risk-management-audit-skills-risk-management

https://www.isaca.org/resources/news-and-trends/industry-news/2019/five-steps-for-effective-auditing-of-it-risk-management

https://www.isaca.org/-/media/files/isacadp/project/isaca/articles/journal/2016/volume-2/auditing-is-it-risk-management-part-1_joa_eng_0416

https://www.template.net/business/checklist-templates/risk-management-audit-checklist/

https://lplc.com.au/uploads/main/Resources/Checklists/Risk-Management-audit-checklist.pdf