Analyzing the internal context involves assessing all internal factors that define how the organization functions, including:
Key Components of Internal Context:
Strengths and Weaknesses: Identifies areas of competitive advantage and vulnerability.
Strategic and Operating Plans: Evaluates alignment with organizational goals.
Resources and Processes: Assesses the effectiveness of people, technology, and systems.
Purpose of Internal Context Analysis:
Provides a foundation for decision-making and strategy formulation.
Ensures alignment of internal capabilities with external demands and objectives.
Why Other Options Are Incorrect:
B: Financial performance is a subset of the broader internal context analysis.
C: Resource evaluation is one aspect but not the sole purpose of internal analysis.
D: Assessing market conditions is part of external context, not internal.
Reference:
ISO 31000 (Risk Management): Highlights internal context analysis as a foundational step in risk management.
COSO ERM Framework: Recommends understanding internal factors to align strategies and operations.

Economic factors in an organization's external context include macroeconomic conditions and indicators that affect operations, costs, and revenue generation.
Examples of Economic Factors:
Growth Rates: Impact market expansion and consumer spending.
Exchange Rates: Influence international trade and cost structures.
Inflation: Affects purchasing power and operational costs.
Interest Rates: Determine borrowing costs and capital investment decisions.
Relation to External Context:
These factors exist in the macroeconomic environment and require organizational strategies to manage their impact.
Why Other Options Are Incorrect:
B: Profitability is an internal performance metric.
C: Supply chain and inventory management are operational factors.
D: Employee retention and career development are internal HR concerns.
Reference:
PESTEL Analysis: Includes economic factors as part of the external environment.
COSO ERM Framework: Discusses economic conditions in the context of external risks.

The People category in the IACM addresses human factors critical for implementing and sustaining effective actions and controls.
Human Factors:
Structure: Organizational design and role assignments.
Accountability: Ensuring individuals are responsible for actions.
Education: Providing training and awareness.
Enablement: Empowering individuals with tools and resources.
Examples:
Leadership development programs.
Defining accountability matrices.
Why Other Options Are Incorrect:
A: Technology refers to tools and systems, not human elements.
B: Policies are formal guidelines, not human-centric controls.
C: Information involves data, not human behaviors.
Reference:
OCEG IACM Framework: Explains the critical role of the people category in organizational controls.

The distinction between prescriptive norms and proscriptive norms lies in the types of behaviors they influence:
Prescriptive Norms:
Encourage behaviors considered positive or desirable by the group.
Example: Encouraging collaboration and teamwork.
Proscriptive Norms:
Discourage behaviors considered negative or undesirable by the group.
Example: Prohibiting dishonesty or discrimination.
Why Other Options Are Incorrect:
A: Both types of norms can be mandatory depending on the context.
B: Norms are not specifically tied to financial or ethical behavior alone.
C: Norms arise from social or organizational expectations, not exclusively regulations or standards.
Reference:
OCEG GRC Capability Model: Explains norms in the context of organizational culture.
Behavioral Science Frameworks: Discuss the role of prescriptive and proscriptive norms in shaping behavior.