Answer (D) is correct. The internal audit activity evaluates and contributes to the improvement of risk management, control, and governance processes using a systematic and disciplined approach (Standard 2100). According to PA 2100-1, internal auditors evaluate the whole management process of planning, organizing, and directing to determine whether reasonable assurance exists that objectives and goals will be achieved. These evaluations, in the aggregate, provide information to appraise the overall management process. All business systems, processes, operations, functions, and activities within the organization are subject to the internal auditors’ evaluations. The comprehensive scope of work of internal auditing should provide reasonable assurance that management’s ? Risk management system is effective. ? System of internal control is effective and efficient. ? Governance process is effective by establishing and preserving values, setting goals, monitoring activities and performance, and defining the measures of accountability.