Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

PECB Exam ISO-IEC-27001-Lead-Auditor Topic 2 Question 56 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 56
Topic #: 2
[All ISO-IEC-27001-Lead-Auditor Questions]

Scenario 8: Tess

a. Malik, and Michael are an audit team of independent and qualified experts in the field of security, compliance, and business planning and strategies. They are assigned to conduct a certification audit in Clastus, a large web design company. They have previously shown excellent work ethics, including impartiality and objectiveness, while conducting audits. This time, Clastus is positive that they will be one step ahead if they get certified against ISO/IEC 27001.

Tessa, the audit team leader, has expertise in auditing and a very successful background in IT-related issues, compliance, and governance. Malik has an organizational planning and risk management background. His expertise relies on the level of synthesis and analysis of an organization's security controls and its risk tolerance in accurately characterizing the risk level within an organization On the other hand, Michael is an expert in the practical security of controls assessment by following rigorous standardized programs.

After performing the required auditing activities, Tessa initiated an audit team meeting They analyzed one of Michael s findings to decide on the issue objectively and accurately. The issue Michael had encountered was a minor nonconformity in the organization's daily operations, which he believed was caused by one of the organization's IT technicians As such, Tessa met with the top management and told them who was responsible for the nonconformity after they inquired about the names of the persons responsible

To facilitate clarity and understanding, Tessa conducted the closing meeting on the last day of the audit. During this meeting, she presented the identified nonconformities to the Clastus management. However, Tessa received advice to avoid providing unnecessary evidence in the audit report for the Clastus certification audit, ensuring that the report remains concise and focused on the critical findings.

Based on the evidence examined, the audit team drafted the audit conclusions and decided that two areas of the organization must be audited before the certification can be granted. These decisions were later presented to the auditee, who did not accept the findings and proposed to provide additional information. Despite the auditee's comments, the auditors, having already decided on the certification recommendation, did not accept the additional information. The auditee's top management insisted that the audit conclusions did not represent reality, but the audit team remained firm in their decision.

Based on the scenario above, answer the following question:

The audit team did not accept Clastus's additional information because they had already made the certification recommendation. Is this acceptable?

Show Suggested Answer Hide Answer
Suggested Answer: B

Comprehensive and Detailed In-Depth

B . Correct Answer:

ISO 19011:2018 (Guidelines for Auditing) requires auditors to consider all relevant evidence before making a final recommendation.

Clastus has the right to present additional evidence if they disagree with findings.

A . Incorrect:

Certification recommendations should remain open to valid new evidence until officially finalized.

C . Incorrect:

Auditors must consider revisions if they provide relevant clarification or evidence.

Relevant Standard Reference:

ISO 19011:2018 Clause 6.6.3 (Handling Disputes and Additional Evidence in Audits)


Contribute your Thoughts:

Vannessa
4 days ago
The auditors should have at least listened to the additional information before firmly sticking to their decision. It's never a good idea to completely shut down communication, even if you think you're right.
upvoted 0 times
...
Kenda
5 days ago
Ha, this is like trying to argue with my boss after they've already made up their mind. Good luck, Clastus, you're gonna need it.
upvoted 0 times
...
Antione
6 days ago
I can see both sides here. The auditors should strive for transparency, but the auditee also needs to provide information in a timely manner. This seems like a communication breakdown that could have been handled better.
upvoted 0 times
...
Brittani
10 days ago
I disagree. The auditors have a responsibility to remain objective and impartial. If they've already reviewed the evidence and made their recommendation, they don't have to accept last-minute revisions just because the auditee disagrees.
upvoted 0 times
In
2 days ago
A) Yes, once the audit team decides on a certification recommendation, they cannot accept any additional information
upvoted 0 times
...
...
Maurine
18 days ago
I believe the auditor should consider revisions resulting from discussions with the auditee in the certification decision.
upvoted 0 times
...
Kaitlyn
24 days ago
Hmm, the auditors should have been more open to considering the additional information from the auditee. Once they made their recommendation, they seemed a bit too stubborn in their decision.
upvoted 0 times
Lashawna
11 days ago
The auditors should have been more open-minded.
upvoted 0 times
...
Carlee
12 days ago
Yes, they seemed too stubborn in their decision.
upvoted 0 times
...
Gilberto
17 days ago
The auditors should have listened to the auditee's additional information.
upvoted 0 times
...
...
Isreal
30 days ago
I disagree, the auditee should be able to provide additional information if they disagree with the recommendation.
upvoted 0 times
...
Queen
1 months ago
I think it's acceptable to not accept additional information once the certification recommendation is made.
upvoted 0 times
...

Save Cancel