According to IIA guidance, which of the following statements is true regarding ISO 31000?
(A). The key principles approach checks whether each element of the risk management process is in place.
(B). The framework is effective in addressing the organization's structure, size, and risk profile but not its culture objectives.
(C). The end point for improving an organization s approach to risk management should be a gap • analysis that evaluates any changes.
(D). A combination of the three primary approaches to the framework generally yields the most information despite the complexity