While reviewing the draft report of an audit engagement, the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness. Which of the following actions by the CAE would be appropriate for addressing this concern?
Meet with the auditor-in-charge.
Discuss with senior management.
Monitor the result of the accepted risk.
Report the matter to the board.
When the chief audit executive (CAE) is not in agreement with management's acceptance of the potential risk exposure resulting from an observed key control weakness, it is essential to take decisive actions to address this concern. The CAE should first meet with the auditor-in-charge to understand the basis of the observations and the proposed acceptance of risk. This initial discussion helps ensure that all details are clear and that the audit team's perspective is fully considered. Next, the CAE should discuss the matter with senior management to express their concerns and challenge the acceptance of the risk. If senior management still chooses to accept the risk, it is then appropriate to escalate the issue by reporting it to the board. These steps ensure that all senior stakeholders are aware of the risk and can make an informed decision. Monitoring the result of the accepted risk, while important, does not address the immediate concern of disagreement with the risk acceptance and is therefore not included in the initial actions.
The point here is addressing the concern, after reviewing the drafted report by CAE which is made by the auditor after getting the management's response, so to address the concern, the CAE can do Choice B in sequence, meet the auditor , then discuss the matter with SM, then escalate the matter to the board. No need to monitor at the current time before closing the issue.
before closing the issue and make the final decision by the senior management or the board to accept the risk.
Why not D
I also think here the answer should be D.
Neden sorumlu denetçi ile görüşmeli?