According to the IIA guidance, when determining the need to follow-up on recommendations, the internal audit activity should consider factors such as the degree of effort and cost needed to correct the reported condition, the complexity of the corrective action, and the impact that may result should the corrective action fail. These factors are critical in assessing the importance and urgency of follow-up. However, the amount of resources required to conduct the follow-up activities should not be a primary consideration, as the focus should be on the significance of the issues and the potential risks associated with them. Reference: IIA Standard 2500 -- Monitoring Progress, IIA Practice Advisory 2500.A1-1

According to IIA guidance, an appropriate role for the internal audit activity with regard to the organization's risk management program is to attain an adequate understanding of the organization's key risk mitigation strategies. This enables internal auditors to evaluate the effectiveness of risk management processes and provide assurance on the adequacy of risk controls. Identifying and managing risks, ensuring risk management processes exist, and ensuring controls exist to mitigate risks are responsibilities of management, not internal audit.

IIA Standards: 2120 - Risk Management

IIA Practice Guide: Internal Audit's Role in Risk Management

The best description of the organization's procedures in this context is that they represent a cause of the organization's accumulation of large travel advances. The lack of a requirement for justification for travel advances greater than a specific amount is a procedural gap that directly contributes to the accumulation of large travel advances. This gap in the procedure is the root cause that leads to the observed condition of large travel advances accumulating without sufficient oversight or justification. Reference: IIA's International Standards for the Professional Practice of Internal Auditing, Standard 2310 -- Identifying Information, and related practice advisories on root cause analysis in audit observations.

When developing the work program for an engagement reviewing an organization's small contracting services, the chief audit executive (CAE) should consider the organization's recent changes to how it processes payments. Changes in payment processing can significantly impact the control environment and may introduce new risks or control gaps. Understanding these changes will help the CAE design appropriate audit procedures to evaluate the effectiveness of the controls over the new processes.

The Institute of Internal Auditors (IIA) Practice Guide: Developing the Internal Audit Strategic Plan

IIA Standard 2200 - Engagement Planning

Step-by-Step Detailed Explanation:

A . Book value per common share ratio is lower than that of the prior year:

This represents year-over-year comparison, which is an example of historical benchmarking, not internal benchmarking.

B . Staff turnover ratio is higher than the comparable organization in the same industry:

This represents external benchmarking, as it involves comparing against a peer organization.

C . Utilities expense of the sales unit is higher than that of the customer service unit:

Correct. This is internal benchmarking, as it compares performance metrics within the same organization.

D . Sales are significantly higher than the industry's average for five years:

This is an example of external benchmarking against the industry standard.

CIA Exam Syllabus Reference:

Domain V: Performing Internal Audit Services -- Benchmarking Techniques.