Answer (C) is correct . Risk mapping is a visual tool for depicting relative risks. The probabilities of the identified events can be graphed on one axis and the severity of the consequences on the other. It is not a key component of the COSO framework.
Answer (A) is incorrect because Under the information and communication component, relevant information is identified, captured, and communicated.
Answer (B) is incorrect because The internal environment sets the basis for how risk and control are viewed and addressed by an entity’s people.
Answer (D) is incorrect because Control activities are policies and procedures are established and executed to help ensure the risk responses management selects are effectively carried out.
|
