Certified Information Systems Auditor (CISA) — Question 510
A chief information officer (CIO) has asked an IS auditor to implement several security controls for an organization's IT processes and systems. The auditor should:
Answer options
- A. refuse due to independence issues.
- B. communicate the conflict of interest to audit management.
- C. perform the assignment and future audits with due professional care.
- D. obtain approval from executive management for the implementation.
Correct answer: B
Explanation
Option B is correct because the auditor must disclose any conflict of interest to maintain transparency and uphold the integrity of the audit process. Option A is incorrect, as outright refusal may not be necessary if the conflict is managed properly. Option C is also wrong because performing the assignment without addressing the conflict first could compromise the audit's impartiality. Option D is not the best choice as obtaining approval does not resolve the conflict of interest issue.