During an audit, an employee, who does not want to be identified, offers to provide information that would be damaging to the organization and may concern illegal activities. Which of the following actions by the auditor would not be consistent with the IIA Code of Ethics and Standards?
An auditor should not make promises they cannot guarantee, such as promising to maintain complete anonymity of an employee who provides information. This would be inconsistent with the IIA Code of Ethics, which emphasizes integrity, objectivity, and confidentiality. The auditor can ensure the employee that an attempt will be made to keep the information confidential, but an outright promise could lead to ethical and legal complications.
Can't figure out the difference between answer A and C, they looks the same
A is "promising" confidentiality whereas C is informing that an "attempt" would be made to keep it confidential.
In one hand, the internal auditor can't promise nor guarantee anonymity (on non-privacy issues). The auditor must remain independent. On the other hand, the internal auditor may not disclose information (e.g., to the Internal Corporate Attorney or the Compliance Officer) without having the outline of the issue.