Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 207

Considering the concepts of organizationwide risk management and the system of internal controls, the internal audit activity as a whole can be considered which of the following types of control?

Answer options

• A. Transaction-level control.
• B. Management-oversight control.
• C. Governance control.
• D. Process-level control.

Correct answer: B

Explanation

The internal audit activity serves as a Management-oversight control because it evaluates the effectiveness of governance, risk management, and internal controls within an organization. Transaction-level controls focus on specific transactions, while process-level controls relate to operational processes, and governance controls are broader in scope, but do not specifically encapsulate the internal audit's oversight role.