COSO is quoted in this chapter as follows: “…internal auditors provide assurance and advisory support to management on internal control…the internal audit function includes evaluating the adequacy and effectiveness of controls in responding to risks within the organization’s oversight, operations, and information systems… [Moreover,] [t]he scope of internal auditing is typically expected to include oversight, risk management, and internal control, and assist the organization in maintaining effective control by evaluating their effectiveness and efficiency and by promoting continual improvement. Internal audit communicates findings and interacts directly with management, the audit committee, and/or the board of directors.” Answer the following questions related to this quote.

a. Is an organization’s internal audit function part of its system of internal controls? If your answer is yes, explain how the internal audit function can evaluate the design adequacy and operating effectiveness of internal controls and at the same time remain independent of the organization’s system of internal controls. If your answer is no, explain the internal audit function’s role relative to the organization’s system of internal controls.

b. If monitoring is, by definition, a component of internal control for which management is responsible, is it really appropriate for the internal audit function to perform monitoring activities? Explain your answer.