According to the International Professional Practices Framework, internal auditors who are assessing the adequacy of organizational risk management processes should not:
According to the International Professional Practices Framework, internal auditors who are assessing the adequacy of organizational risk management processes should not:
Internal Auditor cannot provide determination and acceptance. this is against objectivity
IA cannot determine the level of risk. Poor English / question structure as it can also mean that the IA seeks information to determine what the org level of risk is and accepts that as the basis for conducting the audit.