An IS auditor typically documents findings regarding shared user accounts to:

Study for the CISA Domain 1 Exam. Get ready with flashcards, multiple-choice questions, hints, and explanations. Prepare thoroughly for your audit and assurance certification!

The role of an IS auditor involves ensuring the integrity and security of information systems, and documenting findings regarding shared user accounts is a vital part of this process. Maintaining independence and objectivity is essential for the auditor, as it allows for unbiased reporting and assessment of the organization's controls and processes.

By documenting findings related to shared user accounts, the auditor can present objective evidence regarding the potential risks associated with these accounts, such as unauthorized access and accountability issues. The auditor’s independence ensures that their conclusions and recommendations are based on the evidence collected rather than any influence from the organization’s personnel.

This documentation also helps to support the auditor’s assessment of the effectiveness of access controls and can serve as a basis for informing stakeholders about potential vulnerabilities. Ultimately, maintaining independence and objectivity strengthens the overall audit process by ensuring that findings are credible and actionable.

While encouraging the removal of shared IDs and testing compliance based on findings are relevant actions an auditor might take, the primary focus in documenting findings is to maintain an impartial perspective that is critical for an effective audit. Similarly, informing the audit committee would be a follow-up action rather than a primary reason for documentation. Thus, the emphasis on independence and objectivity highlights the integrity of the auditing process itself.
