Certified Information Systems Auditor (CISA) — Question 1238

During a closing meeting, the IT manager disagrees with a valid audit finding presented by the IS auditor and requests the finding be excluded from the final report. Which of the following is the auditor's BEST course of action?

Answer options

• A. Remove the finding from the report and continue presenting the remaining findings.
• B. Provide the evidence which supports the finding and keep the finding in the report.
• C. Modify the finding to include the IT manager's comments and inform the audit manager of the changes.
• D. Request that the IT manager be removed from the remaining meetings and future audits.

Correct answer: B

Explanation

The correct answer is B because the auditor must uphold the integrity of the audit process by retaining valid findings backed by evidence. Removing the finding or modifying it based on the IT manager's request would undermine the audit's credibility, while excluding the manager from future meetings does not address the current issue.