MANAGEMENT

Detailed explanation-1: -A system of internal controls must be designed specifically to address the greatest areas of risk, whether the risk is the occurrence of fraud or error. Control activities that mitigate risk include segregation of duties, safeguarding of assets and policies related to information processing.

Detailed explanation-2: -Internal controls are key elements of risk management frameworks. They include processes to assess, mitigate and monitor risks.

Detailed explanation-3: -Internal control risks are risks that affect the effectiveness and efficiency of internal controls and thus affect the achievement of objectives. They are a part of operation risk and compliance risk.

Detailed explanation-4: -What are the four types of risk mitigation? There are four common risk mitigation strategies. These typically include avoidance, reduction, transference, and acceptance.

Detailed explanation-5: -Mitigating controls are, as stated in the definition, methods used to reduce the overall impact of a threat. The mitigating controls are therefore assigned to appropriate threats.