Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 2

According to IIA guidance, which of the following is the least appropriate role for the internal audit activity in the organization's risk management program?

Answer options

• A. Conducting full investigations of suspected fraud.
• B. Monitoring the organization's whistle-blower hotline.
• C. Assessing the risk of fraudulent activity in the organization.
• D. Providing ethics training sessions to organization staff.

Correct answer: C

Explanation

The correct answer is C because internal audit's primary role is to evaluate and provide assurance on the effectiveness of risk management, rather than directly assessing specific risks like fraudulent activity. Options A, B, and D are more aligned with supporting the organization's risk management program through investigation, monitoring, and training.