The chief audit executive (CAE) and management of the area under review disagree over managing a significant risk item. According to IIA guidance, which of the following actions should the CAE take first?
A.
Refer the matter to the board for resolution
B.
Consult the approved audit charter on supremacy of internal auditors’ decisions
C.
Record management’s and the internal auditor's positions in the audit report
D.
Discuss the issue in question further with senior management
When disagreements occur regarding risk management or audit findings, the CAE should first escalate the matter within management levels to attempt resolution. Only if the disagreement remains unresolved after discussion with senior management should the CAE report the matter to the board or audit committee.
Options B and C are premature: the charter does not grant internal audit supremacy over management’s decisions, and documenting disagreement in the audit report should occur only after reasonable attempts at resolution. Option A (escalating immediately to the board) should occur only if discussion with management does not resolve the issue.
[Reference:, IIA Standards – Standard 2600: Communicating the Acceptance of Risks., ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit