Certified Internal Auditor - Part 3, Business Analysis and Information Technology
Question No. 1
When assessing the adequacy of a risk mitigation strategy, an internal auditor should consider which of the following?
1. Management’s tolerance for specific risks.
2. The cost versus benefit of implementing a control.
3. Whether a control can mitigate multiple risks.
4. The ability to test the effectiveness of the control.
Choose the correct option from the given list.
01 / 214