Exam CISSP topic 1 question 434 discussion

D is there to trick you, it doesn't exist. The Answer is B: "1.1. Shall perform their work with honesty, diligence, and responsibility." https://www.theiia.org/en/standards/what-are-the-standards/mandatory-guidance/code-of-ethics/

I would have selected B but when the question specifically mentions what is applied to this particular instance, it has to be D.

This situation involves a potential conflict of interest or undue influence on the auditor’s ability to perform their duties objectively. The system owner's comment implies that the previous auditor may have been terminated for uncovering too many issues, which could be an attempt to intimidate or discourage the current auditor from reporting findings honestly.

In my opinion: D. Be aware of any influences that may be exerted on professional judgement Explanation: The scenario highlights a potential impairment to objectivity (IIA Code of Ethics Principle 2) due to the system owner’s implied threat (termination of the prior auditor for identifying control deficiencies). By reporting the conversation, the new auditor demonstrates adherence to the principle of objectivity, specifically Rule 2.1: "Internal auditors shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment."

D does not exist in the auditor's code. It is an arbitrary platitude.

Answer is D because of the specific scenario where the auditor is being threatened with their job if he comes up with bad report. So it is not B (Perform professional duties with honesty, diligence, and responsibility) as whilst this principle is important, but it is more general and does not specifically address the need to recognize and mitigate external influences.

could this have appeared in the CISSP exam? This is not included in any part of the present curriculum :(

Answer is B. D is not a principle. Good answer though, but not to this question.

Auditors have to maintain objectivity and be aware of anything that might affect their judgement - personal bias, outside pressure, etc. "The system owner stated that the last internal auditor was terminated because the auditor discovered too many deficient controls. " which would be considered outside pressure. Answer is D. Be aware of any influences that may be exerted on professional judgement. Independence may be impaired, for example, by external pressure or influence on auditors; prejudices held by auditors about individuals, audited entities, projects or programmes; recent previous employment with the audited entity; or personal or financial dealings which might cause conflicts of loyalties or of interests. Auditors have an obligation to refrain from becoming involved in all matters in which they have a vested interest. pg 5 #20 https://www.oas.org/juridico/PDFs/mesicic4_blz_code_%20ag.pdf

D is what could have happened (bias in his audit due to internal pressure) if the auditor would have not revealed this threat to his manager, so B is the correct answer, he acted to preserve the integrity of the audit

Answer B) Perform professional duties with honesty, diligence, and responsibility. https://www.isc2.org/ethics

Responsibility and Honesty is characterized by reporting the comment and continuing with your audit.

B. This scenario involves an auditor being tasked with auditing an area where a previous auditor seemingly faced retaliation for properly doing their job and finding control deficiencies. By reporting this conversation, the new auditor is upholding the audit integrity principle to perform duties with honesty, diligence and responsibility. The auditor has a responsibility to disclose any pressures or barriers that may impede their work, rather than ignoring or covering up issues. The other principles do not directly apply: A) Demonstrating competence is important but not the focus here. C) Acting per company policy is secondary to ethical conduct. D) Being aware of influences is good but the auditor is going further by reporting the pressure.