This document outlines the steps of a system-based audit approach. It discusses understanding the business and internal control system, identifying risks and controls, testing controls, and documenting results. The key aspects of a system-based audit include understanding the entity's processes, identifying risks to the achievement of process objectives, identifying and testing relevant controls, and assessing residual risk.