Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 190

An organization is considering integration of governance, risk, and compliance (GRC) activities into a centralized technology-based resource. In implementing this GRC resource, which of the following is a key enterprise governance concern that should be fulfilled by the final product?

Answer options

• A. The board should be fully satisfied that there is an effective system of governance in place through accurate quality information provided
• B. Compliance, audit, and risk management can find and seek efficiencies between their functions through integrated information reporting.
• C. Key compliance and risk metrics can be tracked and compared throughout the enterprise aiding in identifying problem departments
• D. Data analytics can be utilized for trending of the data to ensure that patterns and ongoing monitoring occurs throughout the organization

Correct answer: B

Explanation

The correct answer is B because the integration of GRC functions aims to improve efficiency and collaboration among compliance, audit, and risk management through shared information. While A, C, and D address important aspects of governance, they do not specifically highlight the efficiencies gained through integrated reporting that is crucial for the functions mentioned.