Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 204

Which of the following statements is true regarding the role of the internal audit activity in the organization’s risk management process?

Answer options

• A. The internal audit activity should not be responsible for developing the organization’s risk management framework, even with appropriate safeguards.
• B. The internal audit activity is typically responsible for alerting operational management to emerging risks and changes in regulatory scenarios.
• C. The internal audit activity may coach management on risk response scenarios if safeguards have been implemented.
• D. The internal audit activity should avoid giving assurance regarding the accuracy of risk evaluations if safeguards have not been implemented.

Correct answer: B

Explanation

Option B is correct because the internal audit activity plays a vital role in identifying and communicating emerging risks and changes in regulations to management. Options A, C, and D are incorrect as they either misrepresent the responsibilities of internal audit or suggest limitations that do not reflect the typical role played by internal auditors in risk management.