Confidentiality is one of the principles of audit conduct that auditors should adhere to when

performing audits. Confidentiality means that auditors should exercise discretion in the use and

protection of information acquired in the course of their duties3. Auditors should respect the

intellectual property rights of the auditee and other parties involved in the audit, and should not

disclose any information that is sensitive, proprietary, or confidential without prior approval from the

auditee or other authorized parties3. Auditors should also obtain the auditee’s permission before

using a camera or recording equipment during an audit, as these devices may capture confidential

information or infringe on the privacy of individuals3. Therefore, these two options correctly state

the function of confidentiality in an audit. The other options are either incorrect or irrelevant to

confidentiality. For example, auditors are not forced by regulatory requirements to maintain

confidentiality in an audit, but rather by ethical obligations and contractual agreements3. Observers

in an audit team can access confidential information if they have signed a confidentiality agreement

and have been authorized by the auditee3. Audit information can be used for improving personal

competence by the auditor only if it does not compromise confidentiality or conflict with other

interests3. As an auditor is always accompanied by a guide, there is still a risk to the auditee’s

sensitive information if the guide is not trustworthy or authorized to access such

information3. Reference: ISO 19011:2018 - Guidelines for auditing management systems