When can the CAE escalate unacceptable risk to the board?
author: AcadiFi Team
Answer:
The CAE escalates to the board when the CAE concludes that management has accepted a level of risk above the organization's appetite or tolerance and senior management has not resolved the matter. The board needs that information because it has oversight responsibility for governance and risk appetite.
The CAE should first make sure the risk is supported by evidence and criteria. Then the CAE should discuss the matter with senior management unless a law, charter provision, board-approved protocol, or senior-management involvement requires a different route.
For CIA questions, do not let severity alone make you skip the process. The board escalation is strongest when it shows the risk, management's response, senior management's unresolved acceptance, and why board oversight is needed.
Master CIA Part 3 with our CIA Course
45 lessons · 90+ hours· Expert instruction
Related Questions
What should an auditor do if a supervisor weakens a supported finding?
How should auditors prepare for a technical exit meeting?
When should audit quality concerns be escalated beyond the engagement team?
How does business knowledge affect internal audit quality?
Where should an auditor begin a full-company internal control audit?
Related Articles
Join the Discussion
Ask questions and get expert answers.