Which of the following statements accurately describes the responsibility of the internal audit activity (IAA) regarding IT governance?
1. The IAA does not have any responsibility because IT governance is the responsibility of the board and senior management of the organization.
2. The IAA must assess whether the IT governance of the organization supports the organizations strategies and objectives.
3. The IAA may assess whether the IT governance of the organization supports the organizations strategies and objectives.
4. The IAA may accept requests from management to perform advisory services regarding how the IT governance of the organization supports the organizations strategies and objectives.