Prior to performing testing an internal auditor has determined that a primary process control failed due to design weakness. Which of the following actions should the auditor perform next?
A.
Determine whether there are any compensating controls in place to reduce the nsk to an acceptable level, and discuss this matter with management of the business area to determine which corrective action is needed
B.
Test the control anyway to determine the likelihood that the control was not performed property, and discuss this matter with management of the business area to determine which corrective action is needed
C.
Conclude that the process control environment is weak, issue a finding on this conclusion and report this finding to management of the business area
D.
Confer with a second internal auditor to determine whether the control failure is legitimate issue a finding on this conclusion and report this finding to management of the business area
When an internal auditor identifies a primary control failure due to a design weakness, the next step is to assess the risk and determine if there are any compensating controls that mitigate this risk. Compensating controls can help to reduce the overall risk to an acceptable level. Engaging with management to discuss the issue and determine the necessary corrective actions ensures that the control environment is adequately addressed. This approach aligns with the internal auditor's role in providing assurance and consulting services designed to add value and improve an organization's operations.
The IIA's International Standards for the Professional Practice of Internal Auditing, Standard 2120 - Risk Management.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit