Answer (B) is correct . Safeguarding assets is an operational activity and is therefore beyond the scope of the internal audit activity, which evaluates and contributes to the improvement of risk management, control, and governance processes. However, internal auditors should evaluate risk exposures relating to governance, operations, and information systems regarding the safeguarding of assets. Based on the risk assessment, they should evaluate the adequacy and effectiveness of controls encompassing governance, operations, and information systems. This evaluation extends to safeguarding of assets (Standards 2110.A2 and 2120.A1).
Answer (A) is incorrect because Internal auditors should ascertain the extent to which results are consistent with established goals and objectives (Standard 2120.A3).
Answer (C) is incorrect because Evaluating controls over compliance with laws, regulations, and contracts is within the scope of internal auditing (Standard 2120.A1).
Answer (D) is incorrect because Ascertaining the extent to which operating and program objectives and goals have been established is within the scope of internal auditing (Standard 2120.A2).
|
