Valid IIA-CIA-Part3 Dumps shared by EduDump.com for Helping Passing IIA-CIA-Part3 Exam! EduDump.com now offer the newest IIA-CIA-Part3 exam dumps, the EduDump.com IIA-CIA-Part3 exam questions have been updated and answers have been corrected get the newest EduDump.com IIA-CIA-Part3 dumps with Test Engine here:
During a routine bank branch audit, the internal audit function observed that the sole security guard at the branch only worked part time. The chief audit executive (CAE) believed that this increased the risk of loss of property and life in the event of a robbery. The branch security manager informed the CAE that a full-time guard was not needed because the branch was in close proximity to a police station. Still, the CAE found this to be an unacceptable risk due to the recent increase in robberies in that area. Which of the following is the most appropriate next step for the CAE to take?
Correct Answer: D
When the CAE disagrees with local management's acceptance of a risk, the next step is to escalate the issue to higher management responsible for the risk-in this case, the bank's chief security officer. If senior management also accepts the risk and the CAE still considers it unacceptable, the matter should then be reported to the board. Option A (direct to the board) skips the escalation chain. Option B is ineffective if the security manager has already decided. Option C alone does not address the CAE's responsibility to escalate unacceptable risks. Reference: IIA Standards - Standard 2600: Communicating the Acceptance of Risks.