Which of the following scenarios violates The IIA's standard regarding internal audit independence?
A.
The chief audit executive (CAE) reports on the internal audit activity's day-to-day tasks and responsibilities to the CEO.
B.
An assessment of the risk management function is reviewed by an outside consulting firm because the CAE is temporarily fulfilling the role of risk manager.
C.
The CAE regularly meets with the organization's chief risk officer, who validates all reported audit findings and dictates which will be Included In the package to the audit committee.
D.
The internal audit activity will experience staffing shortages for the next six months due to planned and unplanned leaves of absence; therefore the CAE proposed including fewer audits in the annual audit plan compared to the previous financial year.
This scenario violates The IIA's standards regarding internal audit independence because the chief risk officer's involvement in validating and dictating which audit findings are included in the audit committee reports undermines the independence of the internal audit activity. Independence is compromised when audit findings are subject to alteration or selection by another party within the organization, particularly one involved in managing risks that the audit may be assessing.
The IIA's International Standards for the Professional Practice of Internal Auditing, specifically standards related to independence.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit