Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 162

When beginning an engagement to assess the effectiveness of the organization’s newly revamped risk management processes, which of the following should internal auditors review first?

Answer options

• A. Key risk disclosures in the annual report.
• B. Existing risk assessment and identification processes.
• C. Organizational strategy and business plans.
• D. Risk mitigation plans and risk responses.

Correct answer: B

Explanation

The correct answer is B because reviewing the existing risk assessment and identification processes provides a foundation for understanding how risks are managed within the organization. The other options, while relevant, do not offer the same immediate insights into the effectiveness of the revamped risk management approach.