Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 139

To effectively communicate the acceptance of risk in an organization, a chief audit executive must first consider which of the following?

Answer options

• A. The organization's view on risk tolerance.
• B. The organization's principal risk events.
• C. The organization's risk response strategies.
• D. The organization's major control activities.

Correct answer: A

Explanation

The correct answer is A because understanding the organization's risk tolerance is essential for communicating how much risk is acceptable. Options B, C, and D focus on specific risks, strategies, and controls without addressing the overarching view on risk tolerance, which is foundational for effective communication.