Which of the following scenarios depicts an appropriate role for the internal audit activity to take regarding an organization's risk management process?
A.
Internal audit designs and implements the organization's controls to help manage risk.
B.
Internal audit sets the organization's risk tolerance and promotes awareness throughout the organization.
C.
Internal audit assesses whether the organization's risk management processes are effective.
D.
Internal audit is responsible for safeguarding the organization's assets and preventing loss from occurring.
The appropriate role for the internal audit activity in relation to an organization's risk management process is to provide assurance on the effectiveness of these processes. This involves evaluating whether risk management practices help the organization manage its risks within defined risk tolerance levels effectively and are aligned with the strategic goals. Internal audit should not be involved in designing controls or setting risk tolerance as this could impair their independence.
Institute of Internal Auditors (IIA) - International Standards for the Professional Practice of Internal Auditing
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit