Home MCQs CISA Question #1736
Back to Questions
CISA QUESTION #1736
Question 1
When problems are identified during an audit engagement, what is the appropriate way for the auditor to handle the remediation process?
  • The auditor should assume ownership of the issue and actively participate in developing a corrective action plan.
  • The auditor should determine the severity of the issue and then prescribe a specific solution after evaluating the business impact.
  • The auditor can add substantial value by defining the detailed remediation steps required to fix the problem.
  • The auditor must not take ownership of identified problems and should limit involvement to providing general guidance — leaving the auditee responsible for designing their own remediation plan.✔️
Correct Answer Explanation
Auditor objectivity and independence require that the auditor never become an active participant in fixing the problems they have identified. Once an auditor takes ownership of a remediation plan, they can no longer independently and objectively evaluate whether the remediation is adequate — they have effectively become part of the process they are supposed to audit. The auditor's proper role is to identify, describe, and provide general context for problems; solution design belongs to the auditee.