Which two of the following are examples of audit methods that ‘do’ involve human interaction?

Which two of the following are examples of audit methods that ‘do’ involve human interaction?
A . Performing an independent review of procedures in preparation for an audit
B . Reviewing the auditee’s response to an audit finding
C . Analysing data by remotely accessing the auditee’s server
D . Observing work performed by remote surveillance
E . Analysing data by remotely accessing the auditee’s server

View Answer

Answer: AB

Explanation:

Audit methods are techniques used by auditors to obtain audit evidence. Audit methods can be classified into two categories: those that involve human interaction and those that do not2. Audit methods that involve human interaction require direct communication between the auditor and the auditee or other relevant parties, such as interviews, questionnaires, surveys, meetings, etc. Audit methods that do not involve human interaction rely on observation, inspection, measurement, testing, sampling, analysis, etc., without requiring any verbal or written exchange2. Therefore, performing an independent review of procedures in preparation for an audit and reviewing the auditee’s response to an audit finding are examples of audit methods that involve human interaction, as they require reading and evaluating documents provided by the auditee or other sources. On the other hand, analysing data by remotely accessing the auditee’s server and observing work performed by remote surveillance are examples of audit methods that do not involve human interaction, as they do not require any direct communication with the auditee or other parties.

Reference: ISO/IEC 27001:2022 Lead Auditor (Information Security Management Systems) |

CQI | IRCA