Internal audit is an independent and objective function that provides assurance and consulting services to the enterprise on the effectiveness and efficiency of its governance, risk management, and control processes [1]. By including internal audit as a stakeholder, the enterprise can benefit from its knowledge, expertise, and perspective on IT-related issues and risks, such as IT strategy alignment, IT performance measurement, IT value delivery, IT resource management, IT risk management, and IT compliance [2]. Internal audit can also provide input on the design, implementation, and evaluation of the IT governance framework, policies, standards, and procedures, as well as recommend improvements and best practices [2]. Therefore, internal audit provides input on relevant issues and control processes, which is the most important reason to include it as a stakeholder when establishing clear roles for the governance of IT.
The other options are not as important or accurate as option D. Internal audit does not have the knowledge and technical expertise to advise on IT infrastructure, as this is not its primary role or responsibility. Internal audit is not accountable for the overall enterprise governance of IT, as this is the responsibility of the board of directors and senior management [3]. Internal audit does not implement controls over IT risks and security, as this is the responsibility of the IT function and other business units [4].