Auditors examine an information system to provide an opinion on
the suitability of the protective measures for effecting the specified
controls. Examples include the use of internal auditors and external
Complexity: Audits tend to be quite complex to perform and require that the
auditor have knowledge and skills suitable to making these determinations.