Which of the following is true regarding the use of a formal risk management framework?

1. It facilitates a methodical approach to risk mitigation.

2. It defines and standardizes the terminology used in risk communication.

3. It establishes the risk tolerance levels to be accommodated in the strategy.

4. It facilitates the alignment of risk mitigation strategies with management priorities.

Show Answer Hide Answer

Which of the following is not an appropriate activity for internal auditors to perform?

Show Answer Hide Answer

The chief audit executive (CAE) of a mid-sized pharmaceutical organization has operational responsibility for the regulatory compliance function. The audit committee requests an assessment of regulatory compliance. According to IIA guidance, which of the following is the CAE's best course of action?

Show Answer Hide Answer

The chief audit executive (CAE) is planning to conduct an internal assessment of the internal audit activity (IAA). Part of this assessment will include benchmarking. According to IIA guidance, which of the following qualitative metrics would be appropriate for the CAE to use?

1. Average client customer satisfaction score for a given year.

2. Client survey comments on how to improve the IAA.

3. Auditor interviews once an audit has been completed.

4. Percentage of audits completed within 90 days.

Show Answer Hide Answer

According to the COSO enterprise risk management (ERM) framework, which of the following is not part of the new paradigm in ERM?

Show Answer Hide Answer