Which of the following is NOT the IS auditor's responsibility?

The role of an Information Systems (IS) auditor primarily centers around assessing the adequacy of controls and governance related to information systems. Among the responsibilities commonly associated with IS auditors are identifying and assessing risks relevant to the area under review, providing recommendations for risk mitigation, and ensuring compliance with internal control procedures.

The responsibility to report all findings to external stakeholders, while important, typically falls outside the direct scope of an auditor's duties. IS auditors are primarily accountable to the organization's management and audit committees, focusing on internal assessments rather than communicating directly with external stakeholders, unless specifically directed or required by regulations. Thus, the responsibility for reporting findings to external parties may be aligned more with broader governance and compliance roles beyond the traditional auditor framework.