Exam Lead Auditor topic 1 question 69 discussion

Actual exam question from PECB's Lead Auditor
Question #: 69
Topic #: 1

Scenario: Tessa, Malik, and Michael are an audit team of independent and qualified experts in the field of security, compliance, and business planning and strategies. They are assigned to conduct a certification audit in Clastus, a large web design company. They have previously shown excellent work ethics, including impartiality and objectiveness, while conducting audits. This time, Clastus is positive that they will be one step ahead if they get certified against ISO/IEC 27001.
Tessa, the audit team leader, has expertise in auditing and a very successful background in IT-related issues, compliance, and governance. Malik has an organizational planning and risk management background. His expertise relies on the level of synthesis and analysis of an organization's security controls and its risk tolerance in accurately characterizing the risk level within an organization. On the other hand, Michael is an expert in the practical security of controls assessment by following rigorous standardized programs.
After performing the required auditing activities, Tessa initiated an audit team meeting. They analyzed one of Michael's findings to decide on the issue objectively and accurately. The issue Michael had encountered was a minor nonconformity in the organization's daily operations, which he believed was caused by one of the organization's IT technicians. As such, Tessa met with the top management and told them who was responsible for the nonconformity after they inquired about the names of the persons responsible.
To facilitate clarity and understanding, Tessa conducted the closing meeting on the last day of the audit. During this meeting, she presented the identified nonconformities to the Clastus management. However, Tessa received advice to avoid providing unnecessary evidence in the audit report for the Clastus certification audit, ensuring that the report remains concise and focused on the critical findings.
Based on the evidence examined, the audit team drafted the audit conclusions and decided that two areas of the organization must be audited before the certification can be granted. These decisions were later presented to the auditee, who did not accept the findings and proposed to provide additional information. Despite the auditee's comments, the auditors, having already decided on the certification recommendation, did not accept the additional information. The auditee's top management insisted that the audit conclusions did not represent reality, but the audit team remained firm in their decision.
Based on the scenario, Tessa is advised to avoid providing unnecessary evidence in the audit report for the Clastus certification audit. Is this recommended?

  • A. Yes, to avoid including information that may compromise the audit's confidentiality
  • B. Yes, to simplify the report for a better understanding
  • C. Yes, to ensure that all relevant evidence is considered and addressed
Suggested Answer: B

Comments

ROCTW
3 weeks, 6 days ago
Selected Answer: A
C has logical inconsistency. Given these considerations, option A appears to be the more logically sound answer when interpreting "avoid providing unnecessary evidence" within the context of audit practice that balances information sufficiency with confidentiality. It reflects the need for audit reports to be concise while also managing information sensitivity. Option C, on the other hand, is problematic due to its semantic contradiction. Therefore, A is recommended based on the consideration of audit report content and confidentiality management, while C is problematic due to its logical inconsistency.
upvoted 1 times
ROCTW
3 weeks, 6 days ago
Selected Answer: C
The core principle of an audit report, especially for certification, is that it must be accurate, complete, and provide sufficient evidence to support its findings and conclusions. While conciseness is desirable, it cannot come at the expense of completeness or accuracy.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other