According to the International Professional Practices Framework, a primary purpose of evaluating the adequacy of an organization’s risk management, control, and governance processes is to determine if it:
A. Was designed to ensure compliance with policies, plans, procedures, laws, and regulations.
B. Provides reasonable assurance that the organization’s objectives will be met.
C. Mitigates inherent risk.
D. Assures the reliability and integrity of information used by management.