Question 4
Domain 1 — Governance and Risk Management FrameworksWhat is the role of external audit in risk governance?
Correct answer: B
Explanation
External audit provides an independent assessment of whether risk management and internal controls are designed and operating effectively. Its role is to give objective assurance to the board and stakeholders, which is why it is described as "providing independent assurance on risk management and controls."
Why each option is right or wrong
A. Managing day-to-day risks
B. Providing independent assurance on risk management and controls
Under the standard external audit function, the auditor’s statutory role is to express an independent opinion on whether the financial statements are free from material misstatement, which necessarily requires evaluating the entity’s risk management and internal control environment as part of audit planning and testing. In practice, this gives the board and other stakeholders objective assurance that the controls designed to manage risk are operating effectively; it is not a management function and does not involve setting risk appetite or running the risk process.
C. Setting risk appetite
D. Implementing risk controls