What grants the internal audit activity the authority to access records relevant to an audit engagement?

The internal audit activity is granted the authority to access records relevant to an audit engagement primarily through the internal audit charter. The internal audit charter is a formal document that outlines the purpose, authority, and responsibility of the internal audit function. It is a key component that establishes the internal auditor’s role within the organization and delineates the scope of their activity, including the access to records, personnel, and physical properties as needed for audit purposes.

The charter is typically approved by the board of directors or senior management, providing a solid foundation for the internal auditors to carry out their work without hindrance. This authority is essential for ensuring that auditors can perform their tasks effectively and with the necessary information, enabling them to evaluate the adequacy and effectiveness of the organization’s governance, risk management, and internal controls.

Access to relevant records is fundamental to conducting thorough and objective audits, and the internal audit charter serves as the authoritative source that legitimizes this access, ensuring that the internal auditors can fulfill their responsibilities effectively. Other options, while they may play roles in guiding internal audit activities or documenting decisions, do not provide the necessary authority to access records in the same way the internal audit charter does.