In the following risk control map risks have been categorized based on the level of significance and the associated level of control. Which of the following statements is true regarding Risk C?
A.
The level of control is appropriate given the level of risk
B.
The level of control is excessive given the level of risk
C.
The level of control is inadequate given the level of risk
D.
There is not enough of information to determine whether the controls are appropriate or not
In the risk control map, Risk C is positioned in the upper left quadrant, indicating it is critical (high risk significance) but with a low level of control. This suggests that the current controls are insufficient to mitigate the high level of risk associated with Risk C. For critical risks, a higher level of control is necessary to ensure that the risk is properly managed and mitigated. References:
"Internal Auditing: Assurance & Advisory Services" (The Institute of Internal Auditors)
"Risk Management Framework" (COSO)
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit