To which of the following aspects should the chief audit executive give the most consideration while communicating an identified unacceptable risk to management?
A.
The organization's attitude to hierarchy
B.
The organization's whistleblowing strategy
C.
The organization's ongoing risk monitoring process
The chief audit executive should give the most consideration to the organization's risk management policy when communicating an identified unacceptable risk to management. The risk management policy outlines the organization's approach to managing risk, including risk tolerance levels, risk appetite, and the procedures for identifying, assessing, and mitigating risks. By aligning the communication with the risk management policy, the CAE ensures that the discussion about unacceptable risk is framed within the context of the organization's established risk management framework, facilitating a more structured and effective response from management.
The IIA's International Standards for the Professional Practice of Internal Auditing, Standard 2010 - Planning and COSO's Enterprise Risk Management Framework.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit