You are an information systems auditor in the firm of external auditors for Black Snake Breweries (BSB) Ltd., a large Brisbane-based manufacturer and supplier of beer to Australia, New Zealand, Papua New Guinea, and several countries in Southeast Asia. BSB is considered to be one of the most modern, up-to-date brewers in the southern hemisphere. It has always been an extensive user of computer systems to support all facets of it activities.

Currently you are carrying out interim audit work. One of your tasks is to evaluate the quality of controls in the information systems department's QA function. In your opinion, BSB has had an excellent QA function for many years. It was established by the previous manager of internal audit. She appointed one of her best and most senior internal auditors to manage the QA function. He, in turn, did an outstanding job in setting up the QA function and gaining respect for and recognition of the importance of QA activities across a broad range of stakeholders.

Shortly after you completed your audit work last year, the QA manager retired. A new QA manager was appointed from a small list of applicants for the job. He was previously a senior internal auditor for a major bank. BSB's management decided to hire him because he had extensive experience with a new hardware-software platform to be implemented throughout BSB. A1though he had several years experience as an internal auditor, previously he had been a systems programmer. He had graduated with a master's degree in computer science, and he was considered to be an excellent technician. He had been appointed to the bank's internal audit department primarily to provide advice on how data integrity, asset safeguarding, system effectiveness, and system efficiency could be improved in the bank's data communications system. The bank's management considered that he had done an outstanding job.

As you carry out your audit work, however, you find some discontent over the performance of BSB's QA function since the new QA manager was appointed. In particular, two major new financial information systems have been commenced since he took up the position. Both are still in the requirements determination stage. The managers of the functional areas that will use the systems are unhappy, however, about several disputes they have had with the QA manager. The disputes relate to reports that the QA manager has provided to senior management. In their view, the QA manager has made a "mountain out of a molehill" in relation to some areas of noncompliance with standards. When you interview the QA manager about the disputes, however, he tells you that the areas of noncompliance are unacceptable because they relate to user involvement in the requirements determination phase for data communications controls in the new systems. He points out that this is his area of expertise, and he knows what users should be doing. He remarks to you in confidence that he also believes the previous QA manager had been in his position too long and that he had compromised his inde pendence with users. When you interview senior management, they are somewhat bewildered about the way in which the disputes have escalated so quickly. They indicate that they are confused and concerned because they are unable to evaluate whether the areas on noncompliance are serious or minor. They lack the expertise to make this judgement.

Required. What is your assessment of the situation? How would you now proceed with the remainder of your interim audit work? What impact, if any, might your findings have on year-end audit work?