What should internal auditors do when assessing internal control design?

When assessing internal control design, it is critical for internal auditors to consider fraud risks. This focus on fraud risks allows auditors to identify vulnerabilities within the organization's internal controls that could potentially be exploited for fraudulent purposes. By acknowledging and understanding these risks, auditors can provide valuable insights and recommendations to strengthen the controls, thereby enhancing the organization’s overall risk management framework.

Considering fraud risks is an integral part of a comprehensive internal audit approach, as it ensures that the internal controls not only comply with standards and regulations but also effectively prevent and detect fraudulent activities.

The other options do not align with best practices for internal auditing. Ignoring potential fraud risks would leave the organization exposed to significant threats that could undermine the integrity of financial reporting. Relying solely on external auditors for opinions does not provide a complete assessment of internal controls, as internal auditors possess a unique understanding of the organization’s specific processes and environment. Focusing exclusively on compliance audits limits the scope of internal auditing and overlooks the importance of fraud risk management. Thus, the correct course of action is to actively consider and assess fraud risks within the internal control design process.