Certified Internal Auditor (CIA) Part 1: Business Acumen — Question 98

When a chief audit executive holds responsibility for risk management beyond internal auditing, which of the following scenarios would allow the organization’s internal audit activity to provide services related to risk management?

Answer options

• A. Entrusting assurance to competent professionals within the compliance function.
• B. Transferring assurance to competent professionals within the risk management function.
• C. Consolidating within the internal audit activity the responsibilities of developing the risk management function and assessing its effectiveness.
• D. Ensuring the internal audit activity only provides consulting services related to risk management.

Correct answer: B

Explanation

The correct answer is B because transferring assurance to professionals in the risk management function allows for specialized expertise in risk-related services. Options A and D do not involve direct risk management responsibilities, while C combines the development and assessment roles within internal audit, which could lead to conflicts of interest.