How should internal audit protect objectivity after giving policy advice?

author: Verified Expert

• Related article: cia-policy-drafting-advisory-boundary-map
• Related question-bank placeholders: ["future-assurance-after-policy-advice", "objectivity-threat-policy-approval"]
• Question: How should internal audit protect objectivity after giving policy advice?
• Question detail:
• If internal audit helps management improve a policy, can it audit that policy later?
• Answer:
• It depends on the extent of internal audit's role and the safeguards used. If internal audit only provided general criteria or reviewed management's draft, future assurance may be possible with proper documentation and review. If internal audit effectively designed the policy or made management decisions, future assurance over that policy creates a self-review threat.
• Useful safeguards include documenting the advisory scope, confirming management ownership, assigning a different auditor for later assurance, adding independent review, narrowing the audit objective, or using an outside party for high-risk assurance work.
• The exam answer should avoid absolutes. The better answer identifies the prior role, assesses objectivity risk, applies safeguards, and discloses unresolved impairment through the appropriate governance channel.