Which of the following is an appropriate responsibility for the internal audit activity with regard to the organization’s risk management program?
A . Identifying and managing risks in line with the entity’s risk appetite.
B. Ensuring that a proper and effective risk management process exists.
C. Attaining an adequate understanding of the entity’s key mitigation strategies.
D. Identifying and ensuring that appropriate controls exist to mitigate risks.