Exam CISA topic 1 question 1185 discussion

From Isaca Q&A database: The information systems (IS) auditor should perform additional testing to ensure that it is a finding. An auditor can quickly lose credibility if it is later discovered that the finding was not justified or accurate.

This option emphasizes responding quickly to potential misconduct. Notifying the audit committee raises the issue's importance so that appropriate action can be taken.

By notifying the audit committee first, the auditor initiates the appropriate channels for further investigation and action.

Answer B suggests sharing the potential audit finding with the security administrator. This is a good option, as the security administrator is responsible for maintaining the security of the organization's information systems. They may be able to help investigate the potential fraud and take appropriate actions to prevent further damage. In conclusion, the best course of action for the IS auditor is to share the potential audit finding with the security administrator, perform more detailed tests to verify the findings, and then review the audit finding with the audit committee. This ensures that the investigation is conducted effectively and efficiently while minimizing the risk of alerting the suspected fraudster.

When an IS auditor identifies potential fraud activity, the first step should be to perform more detailed tests to gather additional evidence and validate the findings. It is crucial to ensure the accuracy and completeness of the audit findings before taking further actions. Performing additional tests before disclosing audit results helps ensure that the auditor has a comprehensive and accurate understanding of the situation, allowing for more informed communication with relevant stakeholders. This approach strengthens the credibility of the audit findings and supports a more effective and timely resolution.

C is correct

C. Perform more detailed tests prior to disclosing the audit results.