Which of the following would not be part of a corporate risk assessment audit:

A) Evaluate whether there is a clearly defined risk management policy

B) Test the internal controls over procurement

C) Evaluate whether risk management is integrated with the business planning process

D) Evaluate whether the risk management policy is understood

E) None of the above

Analysis of risk is limited to estimating the impact and assessing the likelihood of a risk event.

A) True

B) False