a. Ensuring culture is clearly articulated by the board.

b. Possibility of strategy not aligning.

c. Implications from the strategy chosen.

d. Risk to achieving the strategy.

a. Identify, assess, and prioritize risks.

b. Develop risk responses/treatments.

c. Determine key organizational objectives.

d. Monitor the effectiveness of risk responses/treatments.

a. The chief financial officer.

b. The chief audit executive.

c. The chief compliance officer.

d. Management throughout the organization.

a. To emphasize the importance of the internal audit function to the organization.

b. To ensure that the internal audit plan will be approved by senior management.

c. To make recommendations to improve the strategic plan.

d. To ensure that the internal audit plan supports the overall business objectives.

a. Determine how the risk should best be managed.

b. Provide assurance on the management of the risk.

c. Update the risk management process based on risk exposures.

d. Design controls to mitigate the identified risks.

a. Manages risk as a member of senior management.

b. Shares the management of risk with line management.

c. Shares the management of risk with the CAE.

d. Monitors risk as part of the ERM team.

a. Guarantees achievement of business objectives.

b. Requires establishment of risk and control activities by internal auditors.

c. Involves the identification of events with negative impacts on business objectives.

d. Includes selection of best risk response for the organization.