The chief audit executive should report significant governance issues to the board, such as the absence of a risk management process and risk management being solely the responsibility of operational managers.
Question
Which of the following is a significant governance issue that should be reported by the chief audit executive to the board?
A. There is no risk management and control process, and risk management is solely the responsibility of operational managers.
B. The organization’s code of conduct is distributed to all employees each year; however, employees are not required to attest that they will operate in compliance with the code.
C. Reconciliation of planned board meeting agendas to meeting minutes finds that one meeting was cancelled, and the agenda topics were covered at the following meeting.
D. The review of the five-year strategic plan shows that the details of the plan have not been clearly communicated to employees throughout the organization.
Answer
A. There is no risk management and control process, and risk management is solely the responsibility of operational managers.
Explanation
The lack of an organization-wide risk management process with board oversight is a critical governance issue that the chief audit executive (CAE) should escalate to the board. Risk management is a crucial aspect of governance and should involve the board setting the overall risk appetite and ensuring robust processes are in place to identify, assess, manage and monitor key risks facing the organization.
Leaving risk management solely to operational managers without any overarching framework, assessment process or board oversight is a major governance gap that exposes the organization to undue risk. The board needs to be made aware of this issue by the CAE so it can be promptly addressed.
The other options, while reflective of governance gaps, are less severe than the complete absence of a risk management program and board involvement in risk oversight. Not requiring employee attestations to the code of conduct, a cancelled board meeting, and incomplete communication of the strategic plan do not rise to the same level of governance concern as a lack of basic risk management infrastructure, which the board is ultimately accountable for. Therefore, A is the most significant issue for the CAE to report to the board.
This is a multiple choice practice question and answer, with a detailed explanation, for the IIA-CIA-Part2 certification exam.