At the end of the testing phase of software development, an IS auditor observes that an intermittent
software error has not been corrected. No action has been taken to resolve the error. The IS auditor
report the error as a finding and leave further exploration to the auditee’s discretion.
attempt to resolve the error.
recommend that problem resolution be escalated.
ignore the error, as it is not possible to get objective evidence for the software error.
When an IS auditor observes such conditions, it is best to fully apprise the auditee and suggest
that further problem resolutions be attempted. Recording it as a minor error and leaving it to the
auditee’s discretion would be inappropriate, and neglecting the error would indicate that the auditor
has not taken steps to further probe the issue to its logical end.