Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 226

Which of the following statements is correct with regard to risk management?

Answer options

• A. The board's responsibility for risk management cannot be assigned to a board committee, such as a board risk committee.
• B. The chief audit executive is accountable to the board for designing, implementing and monitoring the risk management process.
• C. The total process of risk management, which includes a related system of internal control, is the responsibility of the board.
• D. The finance director is responsible for the overall implementation of the risk management process.

Correct answer: C

Explanation

Answer C is correct because the board is ultimately accountable for the risk management framework and associated internal controls. Options A and D incorrectly suggest that the board can delegate its responsibilities to others, while option B misplaces accountability by stating that the chief audit executive holds this responsibility instead of the board.