Which of the following best describes the type of risk that an adequately designed and effectively operating system of internal controls should mitigate?
The type of risk that an adequately designed and effectively operating system of internal controls should mitigate is "Residual" risk. Residual risk is what remains after internal controls are applied to inherent risk. This is the primary focus of most internal control systems, which are intended to reduce risks to an acceptable level.
Risk management frameworks and internal control literature, such as COSO and the Institute of Internal Auditors (IIA) guidance.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit