Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 256

Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?

Answer options

• A. There is no risk management and control process, and risk management is solely the responsibility of operational managers.
• B. The organization's code of conduct is distributed to all employees each year, however, employees are not required to attest that they will operate in compliance with the code.
• C. Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was cancelled, and the agenda topics were covered at the following meeting.
• D. The review of the five-year strategic plan shows that the details of the plan have not been clearly communicated to employees throughout the organization.

Correct answer: A

Explanation

Option A is correct because the absence of a risk management and control process indicates a significant governance failure that requires attention from the board. The other options, while relevant, do not represent critical governance issues that necessitate direct reporting to the board. For example, option B involves compliance but does not indicate a lack of process, option C is an operational detail, and option D pertains to communication rather than governance structure.