Ethics in IT Audit

March 11, 2024. Posted by Michael Hammond, CISA, CRISC, CISSP. Categories: Cybersecurity, IT Audit

In situations where an internal auditor uncovers significant findings that could potentially put the IT manager/responsible party in trouble, it is crucial to handle the matter with utmost professionalism, ethics, and transparency. Here’s a guide on what auditors should do in such situations:

1. Maintain Objectivity:

Internal auditors must remain impartial and objective throughout the auditing process. Personal biases should not influence the reporting of findings.

2. Document Findings Thoroughly:

Record all findings in detail, including evidence and supporting documentation. This documentation is essential for transparency and in case of any disputes or challenges to the findings.

3. Follow Established Protocols:

Adhere to established audit protocols and guidelines. Ensure that the audit process aligns with industry standards and regulatory requirements. Refer back to your ISACA CISA guidelines if it has been a while since you reviewed them.

4. Inform Management:

Immediately report significant findings to the appropriate management level within the organization. Transparency is key to addressing issues promptly. Bad news doesn’t get better with time.

5. Communicate with the Responsible Party:

Engage in a professional and open dialogue with the IT manager/responsible person. Clearly communicate the findings, allowing them an opportunity to provide their perspective.

6. Emphasize Ethical Conduct:

Highlight the importance of ethical conduct within the auditing profession. Emphasize the duty to report accurately and fairly, even if the findings may have negative implications.

7. Maintain Confidentiality:

Handle sensitive information with the utmost confidentiality. Ensure that only authorized personnel have access to the audit findings until they are appropriately disclosed.

8. Collaborate with Legal and Compliance Teams:

If required, work closely with the legal and compliance teams to ensure that the audit process aligns with legal requirements and industry regulations.

9. Suggest Remediation Measures:

Evaluate management’s recommendations for remediation measures to address the identified issues. Work collaboratively with the IT manager and relevant stakeholders to review the plan for improvement.

10. Consider External Reporting:

If internal channels are insufficient, consider reporting the findings to external regulators or authorities in accordance with applicable laws and regulations. Double-check applicability before executing this step.

11. Act Professionally with the Audited Company:

Maintain a professional and respectful demeanor when interacting with the audited company. Foster a cooperative environment that encourages improvement rather than punitive actions.

12. And Again, Uphold the Reputation of the Profession:

Uphold the reputation of the auditing profession by acting with integrity, honesty, and professionalism. Be a role model for ethical behavior within the organization.

About Michael Hammond, CISA, CRISC, CISSP

Joining the firm in 2012, Michael is the Principal of IT Audit Services. Michael has twenty years of extensive Information Technology expertise in various disciplines, including operations, control design and testing. Previously, Michael was Vice President and Senior IT Audit Manager at State Street Corporation and is a veteran of the United States Air Force.
