Question

The CAE is asked to lead the enterprise risk assessment as part of an organization's implementation of ERM. Which of the following would not be relevant with respect to protecting the internal audit function's independence and the objectivity of its internal auditors?

a. a cross-section of management is involved in assessing the impact and likelihoood of each risk
b. risk owners are assigned responsiblity for each key risk
c. a member of senior magement presents the results of the risk assemssment to the board and commuicates that it represents the organizaton's risk profile
d. the internal audit function obtains assistance from an outside consultant in the conducto fo the formal risk assessment session.

Answer 1

One factor that would not be relevant in protecting the internal audit function's independence and objectivity is obtaining assistance from an outside consultant in the formal risk assessment session.

Step-by-step explanation:

The CAE (Chief Audit Executive) is responsible for leading the enterprise risk assessment as part of an organization's implementation of ERM (Enterprise Risk Management). When it comes to protecting the internal audit function's independence and the objectivity of its internal auditors, one factor that would not be relevant is:

d. the internal audit function obtains assistance from an outside consultant in the conduct of the formal risk assessment session.

By obtaining assistance from an outside consultant, the independence and objectivity of the internal auditors may be compromised as the consultant may have a conflict of interest or bias. Therefore, it is important for the internal audit function to perform the risk assessment independently.