A chief audit executive (CAE) determined that management chose to accept a high-level risk that may be unacceptable lo the organization. Which is the best course of action for the CAE to Follow?
A.
Include using in a subsequent audit to determine if the risks are still present
B.
Discuss the matter with senior management and it not reserved with the board
C.
Require that management implement controls to mitigate lie risks
D.
Report the risks to the process owners so that they can modify their process
If the chief audit executive (CAE) determines that management has chosen to accept a high-level risk that may be unacceptable to the organization, the CAE should first discuss the matter with senior management. If senior management does not address the concern, the CAE should escalate the issue to the board. This escalation process ensures that the highest levels of governance are aware of significant risks and can take appropriate action if necessary. It also aligns with the CAE's responsibility to ensure that risks are properly managed within the organization.References:
The Institute of Internal Auditors (IIA) - Standards for the Professional Practice of Internal Auditing, Standard 2600 - Communicating the Acceptance of Risks
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit