Home MCQs CISA Question #1739
Back to Questions
CISA QUESTION #1739
Question 1
In regulatory language, what is the operative distinction between the words 'should' and 'shall'?
  • 'Shall' denotes discretionary requirements while 'should' provides advisory guidance.
  • 'Should' signals mandatory obligations whereas 'shall' provides advisory recommendations.
  • 'Should' and 'shall' are functionally equivalent; interpretation depends on the specific audit context.
  • 'Should' denotes actions that are discretionary based on circumstances, while 'shall' indicates that the action is obligatory regardless of financial or operational impact.✔️
Correct Answer Explanation
In regulatory and legal drafting, 'shall' is a term of compulsion — it imposes a non-negotiable mandatory obligation that must be complied with regardless of cost, convenience, or financial impact. 'Should', by contrast, is a term of recommendation — it signals strongly advised but ultimately discretionary action. Auditors must be alert to this distinction when evaluating regulatory compliance, since mistaking a 'shall' requirement for a 'should' recommendation constitutes a material error in compliance assessment.