AcadiFi
Reliance · Jules · 2026-05-20
CIA Part 3 · Coordination and Reliance · Assurance Mapping

When can internal audit rely on risk management's work?

35 upvotes
AcadiFi Team (Verified Expert, AcadiFi Certified Professional)

Answer:

Internal audit can consider relying on risk management's work when the work is relevant to the audit objective and the CAE or engagement team has a documented basis for reliance. That basis should consider scope, competence, objectivity, methodology, evidence quality, and whether the work was performed recently enough.

For example, a mature risk management function's vendor risk assessment may help audit planning. But if internal audit is issuing assurance over vendor risk controls, it may still need to test selected controls directly.

Reliance can reduce duplication, but it does not remove internal audit's responsibility for its conclusion.


#reliance #assurance-providers #erm #evidence-quality