An IS auditor previously worked in an organization’s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. What should the auditor do FIRST?
An IS auditor previously worked in an organization’s IT department and was involved with the design of the business continuity plan (BCP). The IS auditor has now been asked to review this same BCP. What should the auditor do FIRST?
Whenever an IS auditor identifies a potential conflict of interest, the first step should be to communicate this conflict to the audit manager. This ensures transparency and allows the audit manager to evaluate the extent of the conflict and decide on the appropriate course of action. This might include reassigning the audit to a different auditor or implementing measures to mitigate any bias concerns. This step is crucial in maintaining the integrity and objectivity of the audit process.
C is correct
answer is C
C is better
C. Communicate the conflict of interest to the audit manager. It is essential for auditors to be transparent about any potential conflicts of interest. By communicating this conflict to the audit manager, the auditor is taking the necessary step to disclose the situation. The audit manager can assess the nature and extent of the conflict. They can determine whether the auditor's previous involvement in the BCP design poses a real or perceived bias in the audit process. The audit manager, after evaluating the situation, can make an informed decision about how to proceed. This may involve measures to mitigate the conflict, such as assigning the audit to a different auditor or implementing additional review processes to ensure objectivity.
Clearly it is C