According to the Standards, which of the following would the auditor include in the risk register?

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment.

A. Management’s acceptance of inadequate controls for cybersecurity risk.
B. Discussions with senior management relating to a new revenue stream.
C. Mitigating controls implemented by the engagement supervisor.
D. Project manager planned hours versus time spent for all prior year projects.

Answer: A

Explanation:

According to the Standards, the risk register should include information about identified risks and how these are being managed. Management’s acceptance of inadequate controls for a significant risk such as cybersecurity should be documented as it represents a known risk exposure that the organization has chosen to accept. This helps ensure transparency and informs subsequent audit activities and decisions.

Reference: International Standards for the Professional Practice of Internal Auditing, specifically on risk assessment and management.
