Who should escalate unresolved unacceptable risk to the board?
author: AcadiFi Team
Answer:
The CAE is normally responsible for communicating unresolved unacceptable risk to the board. Staff auditors and engagement leads should escalate internally through the engagement supervisor or CAE so the issue can be evaluated consistently against evidence, criteria, risk appetite, and the audit function's methodology.
That does not mean staff auditors stay silent. They should document the issue, preserve evidence, communicate through the engagement chain, and make sure the CAE understands why the residual risk may exceed appetite.
The CIA logic is governance discipline. Internal audit needs independence and board access, but the audit function also needs controlled, accurate, and authorized communication.