the chief audit executive set up a computerized spreadsheet to facilitate the risk assessment process involving a number of different divisions in the organization. the spreadsheet included the following factors: pressure on divisional management to meet profit goals complexity of operations competence of divisional personnel the monetary amount of subjectively influenced accounts in the division, such as accounts in which management’s judgment can affect the expense, e.g., postretirement benefits the cae used a group meeting of internal audit managers to reach a consensus on the competence of divisional personnel. other factors were assessed as high, medium, or low by either the cae or an internal audit manager who had performed an engagement at the division. the cae assigned a weight ranging from 0.5 to 1.0 to each factor and then computed a composite risk score. which statement is true? the risk analysis is not appropriate because it mixes both quantitative and qualitative factors, thereby making expected value calculations impossible. the weighting is subjective and should have been determined through a process such as multiple-regression analysis. assessing factors at discrete levels such as high, medium, and low is inappropriate for the risk assessment process because the ratings are not quantifiable. using a subjective group consensus to assess personnel competence is appropriate.