Certified Information Systems Auditor (CISA) — Question 1293

An auditee disagrees with a recommendation for corrective action that appears in the draft engagement report. Which of the following is the IS auditor's BEST course of action when preparing the final report?

Answer options

• A. Come to an agreement prior to issuing the final report.
• B. Ensure the auditee's comments are included in the working papers.
• C. Exclude the disputed recommendation from the final engagement report.
• D. Include the position supported by senior management in the final engagement report.

Correct answer: A

Explanation

The best approach is to reach an agreement prior to issuing the final report, as this can foster collaboration and ensure that all parties are on the same page. Including the auditee's comments in the working papers (option B) is important but does not resolve the disagreement. Excluding the recommendation (option C) may overlook important corrective actions, and including senior management's position (option D) does not address the auditee's concerns directly.