During an audit, the client learns that the IS auditor has recently completed a similar security review at a competitor.
The client inquires about the competitor's audit results.
What is the BEST way for the auditor to address this inquiry?
Answer: A
As an IS auditor, maintaining client confidentiality is of utmost importance. Therefore, it is important to handle the situation in a manner that upholds this principle.
A. The best response to the client's inquiry is to explain that it would be inappropriate to discuss the results of another audit client. This option upholds client confidentiality and ensures that the IS auditor is not violating any ethical or legal obligations.
B. Escalating the question to the audit manager may not necessarily solve the problem, as the manager may not have the appropriate response or may not be able to provide an answer that maintains client confidentiality.
C. Discussing the results of the audit, while omitting specifics related to names and products, may be perceived as an acceptable compromise by the client. However, the auditor should be cautious, as providing too much information can inadvertently reveal the identity of the competitor.
D. Obtaining permission from the competitor to use the audit results as examples for future clients would be inappropriate. This is because the auditor should not reveal the details of an audit, even with the consent of the audit client.
In summary, option A is the best response to the client's inquiry as it maintains client confidentiality and ensures that the IS auditor is not violating any ethical or legal obligations.