According to ISO 31000, which of the following statements is correct?
A. The board is responsible for setting the organizational attitude through tone at the top.
B. The internal audit activity will provide assurance over operating effectiveness but not over the design of risk management activities.
C. The internal audit activity can give objective assurance on any part of the risk management framework for which it is responsible.
D. The framework is designed to be effective for organizations no matter how small.
Answer: D
Explanation:
According to ISO 31000, the risk management framework is scalable and applicable to organizations of all sizes, including small entities. The framework’s principles are designed to be flexible and adaptable, ensuring they can be effectively implemented regardless of the organization’s size.
Scalability: The principles and guidelines of ISO 31000 can be tailored to fit the specific context, resources, and complexity of any organization, making it a universal standard.
Flexibility: The framework supports organizations in integrating risk management practices into their operations at a level that suits their size and complexity.
Effectiveness: Regardless of the organization’s size, the framework aims to enhance risk management practices and support better decision-making.
Reference: "ISO 31000: Risk Management Guidelines," which outlines the applicability and flexibility of the framework for all organizations.