Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 73

Which risk management activity would cause the internal auditor to assume a management responsibility?

Answer options

• A. Assessing management's acceptance of risk.
• B. Reviewing a cybersecurity risk report issued by management.
• C. Developing a list of emerging risks for management.
• D. Prioritizing risks for management.

Correct answer: D

Explanation

The correct answer is D because prioritizing risks involves making decisions about which risks should be addressed first, which is a management responsibility. The other options, such as assessing acceptance, reviewing reports, and developing lists, are more aligned with auditing roles rather than taking on management duties.