Which of the following would be considered a nonconformity in an audit?

The correct choice highlights a fundamental principle in auditing and compliance management. Nonconformity refers to any instance where an organization fails to meet specified requirements or established standards, which can hinder the effectiveness of its management system.

Failure to comply with established procedures is a clear example of nonconformity because it signifies that the organization is not adhering to the processes and controls that have been put in place to safeguard information security or to fulfill legal and regulatory obligations. This can lead to increased risk, potential legal implications, or a lack of trust in the organization’s operations.

The other options, while they reflect issues that may impact the overall audit process or document management, do not directly signify a failure to comply with established procedures in the same way. Providing excessive documentation may indicate a lack of understanding or efficiency but does not inherently violate any procedures. Submitting audit findings late pertains to the audit process's timing rather than compliance with established standards. Lastly, conducting audits without client involvement indicates a procedural issue but does not necessarily relate to a failure in compliance with the organization’s established procedures for conducting audits.

Thus, recognizing nonconformities like failing to comply with established procedures is crucial for maintaining the integrity of an organization's management system.