Identify, assess, and prioritize risks.

Develop risk responses/treatments.

Determine key organizational objectives.

Monitor the effectiveness of risk responses / treatments.

It may be difficult to raise awareness of the impact of work actions on other employees or work areas.

Employees in these structures are inherently less risk averse.

Managers have less incentive to implement and monitor controls.

Effective controls are more difficult to design, and consistent application is more difficult to achieve across the organization

I only.

I and II.

I and III.

I, II, and III.

The mission of internal auditing

The three lines of defense model.

The objectives of internal auditing

The value proposition

The board of directors.

Senior management.

Risk owners.

The internal audit function

An accounts payable supervisor conducting a weekly review to ensure all payments were issued by the required payment date.

A divisional compliance and ethics officer conducting a review of employee training records to ensure that all marketing and sales staff have completed the required FCPA training.

A shift supervisor inspecting a sample of finished goods to ensure quality standards are met.

An internal audit team conducting an engagement to provide assurance on the company’s Sarbanes-Oxley compliance with internal controls over financial reporting.

Advertising budget

Production scheduling

Inventory policy

Product quality