CISA Certified Information Systems Auditor – Question0179

Internal audit reports should be PRIMARILY written for and communicated to:

A.
audit management, as they are responsible for the quality of the audit.
B. external auditors, as they provide an opinion on the financial statements.
C. auditees, as they will eventually have to implement the recommendations.
D. senior management, as they should be informed about the identified risks.

Correct Answer: A