Exam CISA topic 1 question 256 discussion

Auditors should maintain independence and objectivity, which means they should not take on operational responsibilities (like implementing controls) because doing so could compromise their ability to provide an unbiased audit opinion.

While refusing to perform the task is one way to handle the situation, communicating the conflict ensures that the issue is formally acknowledged and managed according to organizational policies. This approach helps in maintaining professional standards and ensuring that the audit function remains effective and unbiased.

Because IS auditor should be implement security controls for the organisation's IT processes & systems, it should be the responsibilities of IT dept/IT Manager.

I will go with ChatGPT, i choose C. Option C (perform the assignment and future audits with the due professional care) is the most appropriate choice because it acknowledges the conflict of interest but implies that the auditor should proceed with the assignment while maintaining professional standards and integrity. This includes ensuring that the audit is conducted objectively and independently, despite the potential conflict posed by the CIO’s request.

While it's essential for IS auditors to maintain independence and objectivity in their work, outright refusal may not always be necessary or practical. By communicating the conflict of interest to audit management, the auditor can ensure that appropriate steps are taken to address the situation while still fulfilling the organization's needs.

The correct decision for an auditor would be to reject the request due to independence issues.

C. perform the assignment and future audits with the due professional care.