According to IIA guidance, which of the following statements is true regarding risk management in an organization?
A. The risk management function has the sole responsibility for identifying and managing risks in all departments
B. Risk management is a core responsibility of the internal audit activity
C. The internal audit activity should consider the organization’s maturity, structure, and the competitive environment to establish the organization’s risk appetite
D. The internal audit activity may use a risk management or control framework to assist in risk identification
According to the IIA's guidance on risk management, the internal audit activity is not responsible for managing risks directly but plays a key role in evaluating the effectiveness of risk management processes. One way internal auditors contribute is by using established risk management or control frameworks to assist in identifying and assessing risks during their audits. This enables auditors to provide valuable insights and recommendations regarding risk management practices in the organization.
The Institute of Internal Auditors (IIA) - Guidance on Risk Management