What is the first step on performing a risk assessment under the COSO Internal Control...

Risk Assessment Under COSO Framework:

The first step in a COSO-based risk assessment is defining internal control objectives. This establishes what the organization aims to achieve, providing a framework for identifying risks and ensuring controls align with objectives.

Risk assessment focuses on evaluating the likelihood and impact of risks that could hinder these objectives.

Explanation of Answer Choices:

A. Identification of risks: Identifying risks follows the definition of internal control objectives.

B. Defining internal control objectives: Correct. Objectives must be defined first to provide a basis for identifying and assessing risks.

C. Review of prior audit findings: Important, but it’s not the starting point for a risk assessment under COSO.

D. Setting risk tolerance levels: This occurs later, after risks have been identified and evaluated.