According to IIA, Monitoring is "a process that assesses the presence and functioning of governance, risk management, and control over time.". The internal audit activity does not evaluate the fraud risk, but evaluates the effectiveness of fraud risk management processes.

One of the roles internal audit shouldn't undertake is imposing risk management processes and the assessing the risk of fraudulent activity in the organization's risk management program is considered imposing and is not the role of IA , even there are some legislative roles should be undertaken with safeguards like facilitating , coaching and coordinating in RM Process. A & B considered core roles or assurance in regard RM. D Considered consulting in regard RM.

A looks more like it for me because while assessing risk may seem like a risk management role, Auditors are expected to assess fraud risk then conduct full investigation of fraud!

The question asks about LEAST appropriate. Please read the questions wisely.

Neden B değil ?

I think its because we are talking about the organisations risk management program

why not a, IA doesnt have the expertise to conduct full investigation of fraud right?

I am not convinced that C is the correct answer.

the auditors role in Risk Management is to evaluate.. then, what is the difference between assessment and evaluate？

Assessing the risk or Risk Assessment is one of the process in Risk Management and Auditor is not expected to directly get involved/participate in Risk Management function.

It is already concluded as fraudulent activity and hence no assessment is required.

why is the answer C?