What should an internal auditor do if management wants a finding removed?
I drafted a finding on delayed termination of user access. Management agrees the evidence is real but says the report should omit the issue because there was no actual fraud loss and the wording could upset senior leadership. How should I think about this on a CIA-style engagement?
Treat this as a substance-versus-tone question.
If management wants to improve wording without changing the supported condition, risk, or action plan, that is normal report clearance. If management wants a supported issue removed or materially diluted, internal audit should follow the approved escalation path.
A practical sequence is:
- confirm the evidence and risk statement are supportable
- offer more precise wording if the draft is overstated
- document the requested change and why it would affect report substance
- elevate through the chief audit executive, audit director, or approved reporting governance process
The absence of a realized loss does not erase control risk. CIA questions usually favor the answer that preserves completeness and objectivity rather than the answer that avoids conflict.