An internal auditor is assessing the effectiveness of the organization's risk management practices. She checks to see whether risk management is an integral part of decision making and whether risk management is transparent, responsive to change, and addresses uncertainty. According to IIA guidance on risk management frameworks, which of the following approaches is the auditor most likely using?
Submit