Which of the following is true regarding the purpose of the COSO enterprise risk management framework?
1. It is a process that is ongoing and flows throughout the organization.
2. It contributes to the formulation of the organization's mission and vision.
3. It enables internal audit to provide reasonable assurance to an organization's management and the board.
4. It enables the management of risks within an organization's risk appetite.
The COSO enterprise risk management framework is designed to provide a structured approach to managing risk within an organization. It is an ongoing process that permeates the entire organization (Statement 1) and helps in managing risks within the organization's risk appetite (Statement 4). While it supports the strategic direction of the organization, including mission and vision formulation (Statement 2), it is not primarily associated with enabling internal audit to provide assurance (Statement 3). Therefore, the correct answer is that statements 1, 2, and 4 are true regarding the COSO framework's purpose.
B is Better