The primary consideration for an IS auditor when determining which issues to include in an audit report is materiality. Materiality refers to the significance of a finding in the context of the audit objectives. An audit finding is material if its omission or misstatement could influence the decisions of management or other stakeholders. The purpose of the audit report is to communicate significant findings that require management's attention and potential action. Focusing on material issues ensures that the report is relevant, impactful, and drives improvements in governance, risk management, and control, rather than overwhelming stakeholders with trivial details.

A. Professional skepticism is a critical professional attitude and mindset that must be applied throughout the entire audit process, not a specific criterion for selecting which findings to report.

B. Requiring management's agreement on findings before inclusion would fundamentally compromise the auditor's independence and objectivity, which are cornerstones of the audit profession.

D. Inherent risk is assessed during the audit planning phase to determine the nature and extent of audit procedures, not to decide which identified findings are significant enough for the final report.

---

1. ISACA. (2019). CISA Review Manual

27th Edition. Section 1.3.2

"Materiality

" states

"Materiality is a key concept that will be used when planning the audit and when evaluating the identified errors and irregularities... The IS auditor should consider materiality when determining the reportable findings."

2. ISACA. (2014). ITAF: A Professional Practices Framework for IS Audit/Assurance

4th Edition. Guideline 2204

"Materiality

" Section 3.1

notes that "IS audit and assurance professionals should consider materiality and its relationship to audit risk when... evaluating the effect of identified control weaknesses and/or lack of compliance with established processes." This evaluation directly informs what is reported.

3. Singleton

T. (2011). The Core of the CISA Exam. ISACA Journal

Volume 2. This article emphasizes that a CISA candidate must understand core concepts

stating

"Materiality is a concept that relates to the importance or significance of an amount

transaction or discrepancy... The IS auditor must consider materiality in determining the appropriate reportable conditions."