The chief audit executive (CAE) should determine whether the internal audit activity has confirmed the status of all of management's corrective actions Doing so would help the CAE assess which of the following?
When the CAE determines whether the internal audit activity has confirmed the status of all management's corrective actions, it helps in assessing residual risk. Residual risk is the risk that remains after management's actions to mitigate inherent risk. By confirming the status of corrective actions, the CAE can evaluate whether the risks identified during the audit have been adequately addressed and what level of risk still exists, ensuring that the internal control environment is effective and that management's risk responses are appropriate.
COSO's Enterprise Risk Management Framework and The IIA's International Standards for the Professional Practice of Internal Auditing.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit