Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 91

Which of the following actions should the chief audit executive take when senior management decides to accept risks by choosing to do business with a questionable vendor?

Answer options

• A. Persuade senior management to take appropriate action.
• B. Cancel issuing the engagement report due to the assumed risks.
• C. Accept senior management’s assumption of the risks.
• D. Discuss the issue with the board for them to take appropriate action.

Correct answer: D

Explanation

The correct answer is D because it is essential for the board to be informed and involved in risk management decisions, especially when they pertain to questionable vendors. Answer A is incorrect because merely persuading management is not sufficient; the board must be involved. Answer B is not appropriate as the engagement report should not be canceled due to management's risk acceptance. Answer C is not advisable as it implies a lack of responsibility in addressing potential risks.