Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 87

Which of the following is true regarding the COSO enterprise risk management framework?

Answer options

• A. The framework categorizes an organization's objectives to distinct, non overlapping objectives.
• B. Control environment is one of the framework's eight components.
• C. The framework facilitates effective risk management, even if objectives have not been established.
• D. The framework integrates with, but is not dependent upon, the corresponding internal control framework.

Correct answer: D

Explanation

The correct answer is D because the COSO framework is designed to complement the internal control framework without being reliant on it. Option A is incorrect as the framework does not strictly categorize objectives into non-overlapping groups. Option B is partially correct but does not address the core question about integration. Option C is misleading since effective risk management typically requires established objectives.