Complete IIA-CIA-Part2 IIA Materials

The most important group or individual for the CAE to consult to determine the scope of the audit regarding compliance with new environmental regulations is the environmental, health, and safety manager. This individual or group has specialized knowledge about the organization’s operations, regulatory requirements, and existing controls related to environmental compliance. Consulting with the environmental, health, and safety manager ensures that the audit scope is comprehensive and accurately addresses the pertinent risks and compliance requirements. References: IIA Standard 2201 – Planning Considerations, IIA Practice Advisory 2210.A1-1

According to IIA guidance, an internal audit activity that provides overall assurance on governance, risk, and control, advises and influences senior management, and leverages the organization's management of risk is best described as being in the "Managed" stage of internal audit maturity. This stage indicates a well-established internal audit function that is integrated into the organization's governance framework and plays a proactive role in risk management and strategic decision-making. References:

The IIA’s Maturity Model for the Internal Audit Activity.

The IIA’s Practice Guide on Internal Audit’s Role in Governance, Risk, and Control.

Comprehensive and Detailed Explanation:

An effective ethics program requires clear policies, communication, monitoring, and investigation procedures. To evaluate its adequacy, the auditor should examine established investigation protocols (B) — i.e., how allegations of misconduct are handled, investigated, and resolved. The strategic plan (A) is high-level and does not directly address ethics processes. The overall budget (C) is too broad, and officer remuneration (D) is not core evidence of program quality. According to IIA guidance, assessing the ethics program involves verifying that mechanisms exist for reporting, investigating, and addressing ethical issues. Therefore, the most relevant scope element is Option B.

The role of the CAE includes ensuring that all significant risks, including those related to health and safety, are properly managed. Even though the chief health and safety officer reports directly to the CEO, the CAE should still coordinate with and review the work of this officer to understand and evaluate the management of health and safety risks. This helps ensure a comprehensive risk management approach within the organization and supports the overall assurance framework. It is not appropriate for the CAE to have no role (Option A), report directly to the regulator (Option C), or hire an external specialist annually without internal coordination (Option D).

IIA Standard 2010: Planning.

IIA Practice Guide on Coordinating Risk Management and Assurance.