Certified Information Systems Auditor (CISA) — Question 567

An IS auditor who was instrumental in designing an application is called upon to review the application. The auditor should:

Answer options

• A. inform audit management of the earlier involvement.
• B. modify the scope of the audit.
• C. refuse the assignment to avoid conflict of interest.
• D. use the knowledge of the application to carry out the audit.

Correct answer: A

Explanation

The correct answer is A because the auditor's prior involvement must be disclosed to ensure transparency and maintain the integrity of the audit process. Modifying the scope (B) or refusing the assignment (C) may not be necessary if the auditor appropriately communicates their involvement. Using their knowledge (D) without informing management could lead to ethical concerns and potential bias.