After completing an assurance engagement, the chief audit executive (CAE) concludes that management has accepted a level of risk that may be unacceptable to the organization. What is the most appropriate first step for the CAE to take?
A. Discuss the issue with senior management.
B. Discuss the issue only with the CEO.
C. Inform the board.
D. Discuss the issue with the members of management responsible for the risk area.
The IIA Standards require the CAE to communicate risk acceptance that may be unacceptable to senior management and the board. The first step is to discuss the issue with senior management to understand their perspective and potentially resolve the concern. If senior management does not take appropriate action, the CAE must then inform the board to ensure they are aware of the risk and can take necessary action.

References:
The Institute of Internal Auditors (IIA), International Standards for the Professional Practice of Internal Auditing (Standards)
"Internal Auditing: Assurance and Advisory Services" by Urton L. Anderson et al.