Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 240

organization's processes, developed a scale to assess each risk, and allocated the relative importance of each risk. Which of the following approaches did the auditor take?

Answer options

• A. Top-down approach.
• B. Process-matrix approach.
• C. Risk-factor approach.
• D. Bottom-up approach.

Correct answer: B

Explanation

The auditor used the Process-matrix approach, which focuses on assessing risks associated with specific processes and their relative importance. The Top-down and Bottom-up approaches are more general strategies that do not specifically address the detailed evaluation of processes, while the Risk-factor approach generally assesses risks but does not emphasize the structured framework implied by a process matrix.