Comprehensive and Detailed Step-by-Step Explanation:
Reference to IIA Standards:
Standard 2130 - Control: Internal audit must evaluate and contribute to the improvement of
governance, risk management, and control processes.
Designing or operating controls (Options A and B) risks impairing internal audit independence
(Standard 1100).
Reasoning:
Option C aligns with internal audit's role of evaluating internal controls objectively.
Option A could involve a management function, which compromises independence.
Option B focuses on monitoring, a management responsibility, and does not leverage internal audit’s
evaluative expertise.
Best Practice:
By evaluating controls, internal auditors provide actionable insights that help improve control
effectiveness and efficiency without compromising independence.
