Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 288
Which of the following best describes a risk that is deemed "unacceptable" to the organization?
Answer options
- A. A risk where likelihood and impact are high.
- B. A risk where inherent risk exceeds its residual risk.
- C. A risk where inherent risk exceeds the tolerance level.
- D. A risk where residual risk exceeds the tolerance level.
Correct answer: D
Explanation
The correct answer is D because a risk is deemed unacceptable when the residual risk surpasses the organization's established tolerance level. Options A and B describe other risk characteristics, while option C refers to inherent risk, which on its own does not make a risk unacceptable: residual risk must be considered.