
According to the Standards, which of the following would the auditor include in the risk register?

An internal auditor is updating the risk register for risks identified during a recent organizational risk assessment.

According to the Standards, which of the following would the auditor include in the risk register?
A. Management’s acceptance of inadequate controls for cybersecurity risk.
B. Discussions with senior management relating to a new revenue stream.
C. Mitigating controls implemented by the engagement supervisor.
D. Project manager planned hours versus time spent for all prior year projects.

Answer: A

Explanation:

According to the Standards, the risk register should include information about identified risks and how these are being managed. Management’s acceptance of inadequate controls for a significant risk such as cybersecurity should be documented as it represents a known risk exposure that the organization has chosen to accept. This helps ensure transparency and informs subsequent audit activities and decisions.

Reference: International Standards for the Professional Practice of Internal Auditing, specifically on risk assessment and management.
