What type of assurance does internal auditing provide to management and the board?

Internal auditing provides independent, risk-based assurance to management and the board, which is essential for effective governance and risk management in an organization. This type of assurance helps ensure that the organization’s risk management, control, and governance processes are operating effectively and are aligned with the overall objectives.

The independence of internal auditors allows them to provide objective assessments without bias, offering a clear perspective on the effectiveness and efficiency of operations. By focusing on risk, internal auditors help identify significant areas that could impact the organization's ability to achieve its goals, enabling management and the board to allocate resources and attention where needed most.

The other options do not fully capture the essence of what internal auditing entails. For instance, risk-limited assurance does not convey the comprehensive assessment that internal auditing provides regarding risk management practices. Performance-based assurance may overlook other critical components of internal control and governance. Conclusive evidence assurance implies an absolute certainty, which is not realistic in an auditing context, as assurance levels vary based on the evidence obtained and the inherent uncertainties in the organization's operations.