Answer (B) is correct. Safeguarding assets is an operational activity and is therefore beyond the scope of the internal audit activity, which evaluates and contributes to the improvement of risk management, control, and governance processes. However, internal auditors should evaluate risk exposures relating to governance, operations, and information systems regarding the safeguarding of assets. Based on the risk assessment, they should evaluate the adequacy and effectiveness of controls encompassing governance, operations, and information systems. This evaluation extends to safeguarding of assets (Standards 2110.A2 and 2120.A1).