Detailed Answer
Answer (A) is correct. The purpose, authority, and responsibility of the internal audit activity should be formally defined in a charter, consistent with the Standards, and approved by the board (Standard 1000). The charter should establish the internal audit activity’s position within the organization; authorize access to records, personnel, and physical properties relevant to the performance of engagements; and define the scope of internal audit activities (PA 1000-1). Approval of the charter by the board protects the internal audit activity from management actions that could weaken its status.