Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 16

Which of the following would not be a factor for senior management to consider when determining the internal audit activity's role in an organization's risk management process?

Answer options

• A. The extent to which the internal audit activity is outsourced.
• B. The maturity level of risk management practices in the organization.
• C. The competency of the internal auditors in risk management.
• D. The nature of the business and the environment in which the organization operates.

Correct answer: A

Explanation

The correct answer is A because the outsourcing of the internal audit activity does not directly influence how the organization approaches risk management. In contrast, the other options (B, C, and D) are crucial factors as they directly affect the effectiveness and integration of the internal audit function within the risk management framework.