Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 177

An internal auditor is evaluating the effectiveness of controls in the organization's order-to-cash process. The auditor agrees with the process owner that the appropriate response to address the risk of bad debt is to mitigate the risk. Which of the following is the appropriate next step for the auditor?

Answer options

• A. Document the agreed action plan to mitigate the risk and follow up after an established time period.
• B. Test the existing controls to determine whether they effectively mitigate the risk.
• C. Identify the impact and likelihood of the risk to determine its significance.
• D. Identify the actual controls to be applied to mitigate the risk.

Correct answer: B

Explanation

The correct answer is B because it is crucial for the auditor to test the existing controls to ensure that they are effectively addressing the identified risk of bad debt. Option A is incorrect as documenting the action plan does not directly assess risk mitigation effectiveness, while options C and D focus on identifying aspects of risk rather than evaluating existing controls.