Answer (A) is correct . Every organization faces risks, that is, unforeseen obstacles to the pursuit of its objectives. Risks take many forms and can originate from within or from outside the organization. Risk assessment is the process whereby management identifies the organization’s vulnerabilities.
Answer (B) is incorrect because Internal control objectives cannot be formulated until the organization knows what its vulnerabilities are.
Answer (C) is incorrect because Identifying and capturing information in a timely fashion is a function of an information system, not of risk assessment.
Answer (D) is incorrect because Assessing the quality of internal controls is a portion of the internal control department’s ongoing duties; it is not a definition of risk assessment.
|
