Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 191

Which of the following best describes the approach the internal audit activity should take to assess and make appropriate recommendations to improve the organization?

Answer options

• A. To evaluate an organization's governance processes for making strategic and operational decisions, internal auditors should review the organization's policies and processes related to staff compensation.
• B. To determine how an organization provides oversight of its risk management and control activities, internal auditors should review board meeting minutes and the board policy manual.
• C. To assess how an organization promotes ethics and values, both internally and among its external business partners, internal auditors should review the organization's related objectives, programs, and activities.
• D. To evaluate how an organization ensures effective performance management and accountability, internal auditors should review previously conducted risk assessments.

Correct answer: B

Explanation

Option B is correct because reviewing board meeting minutes and the board policy manual directly relates to understanding the organization's oversight of risk management and control activities. The other options, while important, do not specifically address the oversight of risk management in the same manner as option B does.