Answer (C) is correct . The purpose, authority, and responsibility of the internal audit activity should be formally defined in a charter, consistent with the Standards , and approved by the board (Standard 1000). Furthermore, PA 1000-1 states that the CAE should seek approval of the charter by senior management. The charter should establish the internal audit activity’s position within the organization; authorize access to records, personnel, and physical properties relevant to the performance of engagements; and define the scope of internal audit activities.
Answer (A) is incorrect because The controller is not the only member of management.
Answer (B) is incorrect because The Standards provide no actual authority to the internal audit activity.
Answer (D) is incorrect because Management and the board, not a committee of the board and a particular manager, endow the internal audit activity with its authority.
|
