Internal audit may rely on the work of other internal assurance providers (such as finance or compliance), provided it has assessed the adequacy, competence, and objectivity of the work. This avoids duplication and increases efficiency.

Option B incorrectly assumes internal work cannot be relied upon. Option C shifts responsibility inappropriately. Option D ignores coordination opportunities.

A decentralized organizational structure distributes decision-making authority across different business units or geographic regions. One major advantage is the ability to tap into a larger talent pool, as decision-making is not restricted to headquarters, and leadership opportunities exist at multiple levels.

(A) Greater cost-effectiveness.

Incorrect. A decentralized structure often increases costs due to duplicate resources, additional oversight, and inefficiencies from fragmented decision-making.

(B) Increased economies of scale.

Incorrect. Centralized organizations benefit more from economies of scale because they can standardize processes and consolidate purchasing power. Decentralization reduces these benefits by spreading decision-making across multiple locations.

(C) Larger talent pool. ✅

Correct. Decentralization allows organizations to recruit, develop, and retain talent in different locations, rather than relying solely on headquarters for leadership roles.

This aligns with IIA Standard 2110 – Governance, which emphasizes the importance of leadership distribution and talent management in organizations.

(D) Strong internal controls.

Incorrect. Centralized structures typically have stronger internal controls, as decision-making and risk management are closely monitored. Decentralization increases the risk of inconsistent controls across different units.

IIA Standard 2110 – Governance

COSO Framework – Organizational Structure and Risk Management

IIA GTAG – " Auditing Business Strategy Alignment "

Analysis of Answer Choices:IIA References:Thus, the correct answer is C, as decentralization expands the talent pool by enabling local decision-making and leadership development.

A sound network configuration practice should focus on enhancing security, preventing unauthorized access, and ensuring data integrity. The validation of intrusion prevention controls ensures that the network security measures function as intended and effectively protect data from threats.

(A) Change management practices to ensure operating system patch documentation is retained.

Incorrect: While maintaining patch documentation is important, change management alone does not directly enhance network security.

(B) User role requirements are documented in accordance with appropriate application-level control needs.

Incorrect: This practice improves access control and governance, but it is not a direct network security configuration practice.

(C) Validation of intrusion prevention controls is performed to ensure intended functionality and data integrity. (Correct Answer)

Intrusion Prevention Systems (IPS) help detect and prevent malicious activities in real time.

Ensuring proper validation enhances security and prevents data corruption.

IIA GTAG 15 – Information Security Governance recommends continuous monitoring and validation of security controls.

(D) Interfaces reinforce segregation of duties between operations administration and database development.

Incorrect: Segregation of duties is a good governance practice, but it does not directly relate to network security configuration.

IIA GTAG 15 – Information Security Governance: Recommends validating security controls, including intrusion prevention systems.

IIA Standard 2120 – Risk Management: Encourages proactive security controls to prevent cyber threats.

Analysis of Each Option:IIA References Supporting the Answer:Thus, the correct answer is (C) Validation of intrusion prevention controls, as it directly enhances information security by ensuring real-time threat detection and data integrity.

In project integration management, the coordination of technical and organizational interfaces typically occurs during the Project Plan Execution phase. At this stage, project managers and teams work together to:

Implement the project plan.

Manage interdependencies between technical and business processes.

Ensure all project components are aligned.

Coordinate different stakeholders, vendors, and internal teams.

(A) Project plan development:

This phase involves defining objectives, scope, timelines, and resource allocation but does not focus on coordination of interfaces.

(B) Project plan execution (Correct Answer):

This phase involves implementing the project and actively managing its technical and organizational interfaces, making it the correct answer.

(C) Integrated change control:

This process ensures that project changes are properly managed, but it does not focus on initial coordination of interfaces.

(D) Project quality planning:

This phase focuses on setting quality standards and criteria, but not on the integration of technical and organizational interfaces.

IIA Practice Guide: Auditing Projects – Highlights that project execution is where coordination across different teams and stakeholders is critical.

PMBOK Guide (Project Management Body of Knowledge) – States that integration management during execution ensures that all elements of the project work together effectively.

COSO ERM Framework – Supports the alignment of business processes and technical execution as part of risk management.

Analysis of Each Option:IIA References:Conclusion:Since technical and organizational coordination is essential during project execution, option (B) is the correct answer.