According to IIA guidance, which of the following statements is true regarding the chief audit executive's (CAE’s) responsibility for following up on management action plans?
A.
Follow-up activities must be performed on an ongoing basis, such as quarterly, rather than being scheduled as specific assignments in the internal audit plan
B.
The primary purpose of the CAE’s follow-up activities is to verify whether the audit issues raised in the audit report are valid
C.
The CAE may plan follow-up activities on a selective basis, depending on risk significance, to verify whether management action plans were completed
D.
Where management believes certain action plans are no longer necessary, the CAE must resolve the matter with the board and if the matter remains unresolved, communicate to senior management
The CAE is responsible for monitoring progress selectively based on risk significance. Not every recommendation requires follow-up with the same intensity. Instead, the CAE should focus on high-risk issues and verify whether management has taken corrective actions.
Option A is too rigid and does not reflect risk-based prioritization. Option B is incorrect because the purpose of follow-up is not to revalidate audit issues but to ensure corrective actions were implemented. Option D incorrectly reverses the escalation order (unresolved issues must go from management → senior management → board).
[Reference:, IIA Standards – Standard 2500: Monitoring Progress., , ]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit