An IS auditor who was involved in designing an organization’s business continuity plan (BCP) has
been assigned to audit the plan. The IS auditor should:
A.
decline the assignment.
B.
inform management of the possible conflict of interest after completing the audit assignment.
C.
inform the business continuity planning (BCP) team of the possible conflict of interest prior to
beginning the assignment.
D.
communicate the possibility of conflict of interest to management prior to starting the
assignment.
Explanation:
Communicating the possibility of a conflict of interest to management prior to starting the
assignment is the correct answer. A possible conflict of interest, likely to affect the auditor’s
independence, should be brought to the attention of management prior to starting the assignment.
Declining the assignment is not the correct answer because the assignment could be accepted after
obtaining management approval. Informing management of the possible conflict of interest after
completion of the audit assignment is not correct because approval should be obtained prior to
commencement and not after the completion of the assignment. Informing the business continuity
planning (BCP) team of the possible conflict of interest prior to starting of the assignment is not the
correct answer since the BCP team would not have the authority to decide on this issue.