Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 38
The chief audit executive (CAE) of a large retail operation believes that senior management has accepted a level of risk that exceeds the organization's current risk tolerance with respect to a major expansion. The CAE plans to meet with senior management to discuss these concerns. According to IIA guidance, which of the following would be an appropriate course of action in preparation for this meeting?
Understand management's basis for the decision.
Advise the board of the concern and upcoming meeting.
Ascertain which members of management have accepted the risk.
Determine if management has the authority to accept the risk.
Answer options
- A. 1 and 2 only
- B. 1 and 4 only
- C. 2 and 3 only
- D. 3 and 4 only
Correct answer: B
Explanation
The best preparatory steps are to understand management's basis for the decision (1) and to determine if management has the authority to accept the risk (4). Option 2, advising the board, is not necessary before understanding the management's rationale, and option 3 is less relevant than understanding and authority in this context.