How is corporate IT governance different from the usual practice? What are the elements of risk analysis? To what extent are common risk factors within individual applications and information systems helpful?

What are the different types of audit and how is the structure of an audit plan devised? What are the essential techniques used for managing information technology audit quality?