Certified Information Systems Auditor (CISA) — Question 896

Which of the following is the PRIMARY reason an IS auditor should discuss observations with management before delivering a final report?

Answer options

• A. Identify business risks associated with the observations.
• B. Validate the audit observations.
• C. Assist the management with control enhancements.
• D. Record the proposed course of corrective action.

Correct answer: B

Explanation

The primary reason for discussing observations with management is to validate the audit observations, ensuring that the findings are accurate and understood. While identifying risks, assisting with enhancements, and recording corrective actions are important, they are secondary to confirming the validity of the observations before the final report is issued.