During the discussion of a draft audit report, IT management provided suitable evidence that a process has been implemented for a control that had been concluded by the IS auditor as ineffective. Which of the following is the auditor's BEST action?
A.
Explain to IT management that the new control will be evaluated during follow-up.
B.
Add comments about the action taken by IT management in the report.
C.
Change the conclusion based on evidence provided by IT management.
D.
Re-perform the audit before changing the conclusion.
Hear me out: the auditor's best action is to acknowledge that the new control has been put in place, but explain that it will be evaluated during a follow-up audit. The auditor should not change the conclusion of the current audit, as the control's effectiveness has not yet been fully verified. A follow-up audit or evaluation will allow the auditor to assess whether the control is functioning effectively over time so A is the answer.
somehow mor ecomfort with option D, we need further verify the new evidence and comment is not necessary to put on the drat report, since its just a draft and the final report should reflect the real conditions
The best action is to re-perform the audit (Option D) before changing the conclusion. This allows the auditor to independently confirm that the new or revised control is effective and addresses the previously identified issues. Only after this verification can the auditor update the audit report to reflect the current state of the control environment accurately.
In summary, while Option C might seem efficient, it does not provide the necessary level of assurance that the control is effective. The auditor's responsibility is to maintain independence and objectivity, and this is best achieved by re-performing the audit (Option D) to verify the effectiveness of the new control before changing any conclusions in the report
During the audit, finding has been fixed. So auditors cannot remove the finding from the report but can add the comments about the action taken by auditees.
D should be the answer. By re-performing the audit, the auditor ensures that their conclusion is based on the most up-to-date and accurate information. It allows for a more comprehensive evaluation of the control's effectiveness and provides a more reliable basis for reporting and decision-making.
adding comments about the action taken by IT management in the report (option B) may be appropriate actions, they should be accompanied by a thorough REASSESSMENT of the control's effectiveness.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
1Naa
5 days, 6 hours agoSwallows
5 months, 3 weeks agoKAP2HURUF
6 months agoKAP2HURUF
6 months ago001Yogesh
1 year agoshiowbah
1 year, 1 month agoJONESKA
1 year, 5 months agoDavid_Hu
1 year, 11 months ago