When assessing the risk associated with an activity, an internal auditor should:
When assessing the risk associated with an activity, an internal auditor should:
An internal auditor's primary role when assessing risk is to provide assurance on the management of the risk. It is not the auditor's responsibility to determine how the risk should be managed, modify the risk management process, or design controls to mitigate the risks. These actions fall under the purview of management. Therefore, providing assurance on the effectiveness and adequacy of the management of the risk is the correct answer.
internal auditor don't design , don't modify and don't determine the best way the risk is managed, that all management