A new internal audit activity is considering the adoption of a risk and control framework. Which of the following is the most appropriate consideration during this process?
A.
The framework should not be developed by the internal audit activity.
B.
The framework should apply to individual projects rather than the organization as a whole.
C.
The framework should always be tailored to the organization.
D.
The framework should require fewer resources to implement.
The question is about the most appropriate consideration when adopting a risk and control framework, and the most critical governance principle is that:
The internal audit activity (IAA) should not develop, own, or implement the framework.
Development and ownership are the responsibility of management, ensuring that IAA maintains independence and avoids self-review threats.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Kozy
1 month ago