An IS auditor’s role is to detect and document findings and control deficiencies. Part of the audit report is to explain the reasoning behind the findings. The use of shared IDs is not recommended because it does not allow for accountability of transactions. An IS auditor defers to management to decide how to respond to the findings presented.