Home MCQs CISA Question #1738
Back to Questions
CISA QUESTION #1738
Question 1
What is the primary justification for securing and protecting audit documentation and working papers throughout and after an engagement?
  • Audit evidence must be made publicly available to satisfy regulatory disclosure obligations.
  • A documented paper trail is required to substantiate that the auditor's conclusions are correct and the auditee was wrong.
  • The auditor may need to prove illegal activity in a judicial proceeding.
  • Audit working papers often contain highly confidential information that must be protected from unauthorised disclosure or loss, and must be safeguarded through appropriate security and backup controls.✔️
Correct Answer Explanation
Audit documentation inevitably contains sensitive and confidential information about the client's systems, processes, vulnerabilities, and personnel. Disclosure of this material could cause serious harm — including enabling further attacks or exploitation. The auditor is professionally and ethically obligated to implement appropriate controls to protect the confidentiality, integrity, and availability of all audit documentation, including maintaining secure backups.