Best Course of Action for Divergent Corrective Actions in IS Audit

Resolving Divergent Corrective Actions in IS Audit

Question

While executing follow-up activities, an IS auditor is concerned that management has implemented corrective actions that are different from those originally discussed and agreed with the audit function.

In order to resolve the situation, the IS auditor's BEST course of action would be to:

Answers

Explanations

A. B. C. D.

A.

As an IS auditor, it is important to ensure that management implements corrective actions that address the root cause of the issue identified during the audit. If management has implemented corrective actions that are different from those agreed upon with the audit function, it may indicate a breakdown in communication or understanding of the issue.

The BEST course of action for the IS auditor in this situation would be to determine whether the alternative controls implemented by management sufficiently mitigate the risk. This involves reviewing the alternative controls and assessing whether they address the root cause of the issue and effectively reduce the risk.

If the alternative controls are found to be sufficient, the IS auditor should record the results and close the audit. However, if the alternative controls do not effectively mitigate the risk or do not address the root cause of the issue, the IS auditor should escalate the matter to senior audit management and work with management to implement the originally agreed-upon corrective actions.

Rejecting the alternative controls and re-prioritizing the original issue as high risk is not the BEST course of action, as it may not address the issue effectively and could lead to further breakdowns in communication and trust between the audit function and management.

Postponing follow-up activities and escalating the alternative controls to senior audit management is also not the BEST course of action, as it may delay the resolution of the issue and could cause additional issues to arise.

Scheduling another audit due to the implementation of alternative controls is not necessary if the alternative controls are found to be sufficient in mitigating the risk.

In summary, the IS auditor's BEST course of action is to determine whether the alternative controls implemented by management sufficiently mitigate the risk and work with management to implement the originally agreed-upon corrective actions if necessary.