Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?
Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?
The extent to which the internal audit activity is outsourced would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process. The primary considerations would be the maturity level of risk management practices in the organization, the competency of the internal auditors in risk management, and the nature of the business and the environment in which the organization operates.
is not the CAE responsible for the competency of the Internal auditors ?
If there is outsourcing, this will certainly affect the evaluation of risk management processes and monitoring to some extent.
The correct answer should be A: The factor that would not be considered by senior management when determining the internal audit activity's role in an organization's risk management process is the extent to which the internal audit activity is outsourced. While outsourcing may affect how internal audit operates, it is not directly relevant to its role in risk management.
With answer A, I understand that we have an obligation of result as well as an obligation of means.
Why is it A?
oh, its NOT a factor.. so the answer is A