Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?
Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization's risk management program?
The appropriate responsibility for the internal audit activity with regard to the organization's risk management program is to ensure that a proper and effective risk management process exists. Internal auditors are tasked with evaluating the effectiveness of risk management processes, not with identifying and managing risks or ensuring controls directly. They are there to review and ensure that the processes themselves are robust and functioning as intended.
D?? why?
Management ensure availability of controls, not auditors
Why not B??
Standard 2120 – RISK MANAGEMENT "The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk management processes." IIA must evaluate... Not ensuring ... exist