Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 83

The board has asked the internal audit activity (IAA) to be involved in the organization's enterprise risk management process. Which of the following activities is appropriate for IAA to perform without safeguards?

Answer options

• A. Coach management in responding to risks.
• B. Develop risk management strategies for board approval.
• C. Facilitate identification and evaluation of risks.
• D. Evaluate risk management processes.

Correct answer: D

Explanation

The correct answer is D because evaluating risk management processes falls within the internal audit's mandate and does not create a conflict of interest. In contrast, developing strategies (B) and coaching management (A) could compromise the independence of the IAA, while facilitating risk identification (C) may also blur the lines of their impartial role.