Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 24
Which of the following definitions best describes enterprise risk management?
Answer options
- A. Enterprise risk management is narrower than internal control and focuses on managing the risk of loss resulting from external events.
- B. Enterprise risk management is narrower than internal control and focuses on risk mitigation strategies across the enterprise.
- C. Enterprise risk management is broader than internal control and focuses on risk identification and management, and assurance that business objectives will be met.
- D. Enterprise risk management is broader than governance and internal control, and focuses on activities designed to ensure that risks are contained at a level
Correct answer: C
Explanation
The correct answer, C, accurately reflects that enterprise risk management is comprehensive: it focuses on identifying and managing risks and on ensuring that business objectives are met. Options A and B incorrectly state that enterprise risk management is narrower than internal control, which is not the case. Option D suggests that it is broader than governance but does not adequately capture the focus on risk identification and management.