Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 162

Which of the following is most likely to help the chief audit executive determine whether the level of the risk accepted by operational management exceeds the organization’s risk tolerance level?

Answer options

• A. A brainstorming session within the internal audit activity.
• B. A review of the organizational risk management philosophy.
• C. A discussion of the issue with senior management.
• D. A reliance on risk registers and results from recent risk assessments.

Correct answer: D

Explanation

The correct answer is D because risk registers and recent risk assessment results provide concrete data on identified risks and their evaluations, which are critical for determining whether the accepted risks are within acceptable limits. Options A, B, and C may provide insights or discussions but do not offer the same level of objective measurement and documentation required for this assessment.