According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?

Senior management has decided to adopt the key principles approach of the ISO 31000 risk management framework.

According to IIA guidance, which of the following principles is most appropriate when implementing the risk management process in a dynamic agency?
A . Everyone in the agency has a primary responsibility for identifying and managing risks as part of the risk management process.
B . The risk management process, while evaluating risk, should develop a mechanism to rank the relative importance of each risk.
C . The risk management process should be regularly reviewed and respond to changes in the environment, to remain relevant.
D . The risk management process should use a formal technique to consider the consequence and likelihood of each risk.

View Answer

Answer: C

Explanation:

According to IIA guidance, when implementing the risk management process in a dynamic agency, it is most appropriate that the risk management process should be regularly reviewed and respond to changes in the environment to remain relevant. This principle ensures that the risk management practices are flexible and adaptive, reflecting the dynamic nature of risk within a changing organizational and external environment. This approach is consistent with both the IIA’s guidance on risk management and the principles outlined in ISO 31000.

Reference: The Institute of Internal Auditors (IIA) – Guidance on Risk Management, ISO 31000 Risk Management Guidelines.