Certified Information Systems Auditor (CISA) — Question 285

Which of the following is a threat to IS auditor independence?

Answer options

• A. Internal auditors recommend appropriate controls for systems in development
• B. Internal auditors attend IT steering committee meetings.
• C. Internal auditors design remediation plans to address control gaps identified by internal audit
• D. Internal auditors share the audit plan and control test plans with management prior to audit commencement.

Correct answer: C

Explanation

Option C is correct because if internal auditors are involved in designing remediation plans, it can compromise their objectivity in evaluating those controls later. Options A, B, and D do not inherently threaten auditor independence as they involve participation or sharing information without direct involvement in control design.