Internal audit activities, according to the IIA guidance on IT auditing, typically focus on established processes, controls, and adherence to policies rather than on the creation or development of policies themselves. Areas usually examined by the internal audit activity include system access security, change management processes, and operational processes to ensure they align with organizational policies and standards. Therefore, policy development is not typically an area examined by the internal audit activity.