Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 239

According to IIA guidance, which of the following actions should the internal auditor take immediately after having considered fraud scenarios and identified and prioritized fraud risks?

Answer options

• A. Determine which controls, if any, are in place to mitigate the fraud risks.
• B. Follow established protocols for internal reporting and investigating fraud allegations.
• C. Research frauds that have occurred in similar organizations.
• D. Incorporate the fraud risk assessment into the engagement plan.

Correct answer: D

Explanation

The correct answer is D because integrating the fraud risk assessment into the engagement plan ensures that fraud risks are addressed in the audit process. Options A, B, and C, while important, do not directly follow the prioritization of fraud risks and do not contribute to the immediate next steps in planning the audit engagement.