Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 120

According to IIA guidance, which of the following statements is true regarding an effective governance process?

Answer options

• A. It stipulates that risk needs to be considered when making strategic decisions.
• B. It encourages strict segregation of the risk management and internal control processes.
• C. It relies on effective risk management when establishing the organization’s risk appetite.
• D. It relies on the board to devise ways to communicate the effectiveness of internal controls.

Correct answer: C

Explanation

The correct answer, C, highlights the importance of effective risk management in determining the organization's risk appetite, which is a key aspect of governance. Option A, while relevant, does not capture the core reliance on risk management for appetite setting. Option B suggests a separation that may not align with integrated governance practices, and Option D misplaces the focus on communication rather than the foundational role of risk management.