If management has not established a risk management process, the internal audit activity could.
A. Take a proactive role that supplements traditional assurance activities.
B. Identify and mitigate risks to the organization.
C. Assume responsibility for the management of identified risks.
D. Assume primary responsibility for determining if adequate and effective processes are in place.