Accountability is responsibility for performance against agreed-upon expectations either stated and/or implied. Professionally, an IT auditor should exercise due caution from disclosing information acquired in the course of an engagement to any person other than the entity’s dually appointed representatives, without consent or otherwise, as required by any statute for the time being in force. An IT auditor “should always keep in view the various regulatory and statutory issues applicable” to the entity being audited to provide reasonable assurance of compliance with information disclosure mandates. For example, IT auditors should disclose IAP related information as required by law and, where appropriate, with client consent.
ISACA. “Responsibility, Authority and Accountability.” In Information Systems Standards, Guidelines, and Procedures for Auditing and Control Professionals. Rolling Meadows, IL: ISACA, March 2006. http://www.isaca.org/AMTemplate.cfm?Section=Standards2&Template=/ContentManagement/ContentDisplay.cfm&ContentID=40571 (accessed May 3, 2008).