CISA Certified Information Systems Auditor – Question2569 - CISA Certified Information Systems Auditor

After initial investigation, an IS auditor has reasons to believe that fraud may be present.
The IS auditor should:

A. expand activities to determine whether an investigation is warranted
B. report the matter to the audit committee.
C. report the possibility of fraud to top management and ask how they would like to be proceed.
D. consult with external legal counsel to determine the course of action to be taken.

Correct Answer: A

Explanation:

Explanation:
An IS auditor’s responsibilities for detecting fraud include evaluating fraud indicators and deciding whether any additional action is necessary or whether an investigation should be recommended. The IS auditor should notify the appropriate authorities within the organization only if it has determined that the indicators of fraud are sufficient to recommend an investigation. Normally, the IS auditor does not have authority to consult with external legal counsel.