Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 65

Which is the least effective form of risk management?

Answer options

• A. Systems-based preventive control.
• B. People-based preventive control.
• C. Systems-based detective control.
• D. People-based detective control.

Correct answer: D

Explanation

People-based detective control is considered the least effective because it relies on individuals to identify and respond to risks, which can lead to delays and inconsistencies. In contrast, systems-based preventive and detective controls are more structured and automated, providing a stronger defense against potential risks.