CISA Chapter 1
The IS Audit Process
Question | Answer |
---|---|
Role of the IS Audit function | Est. by Audit Charter; Approved by highest level of Mgmt (BOD, Audit); State mgmt's overall authority, scope, & responsibilities of the Audit function; Be appropriately documented in the Audit Charter |
IS Auditors should | Maintain competency, update skills, obtain training; Be technically competent, having skills and knowledge necessary to perform one's audit work; Required annual CPE |
Audit Planning consists of | Short-Term - Audit issues covered current yr; Long-Term - Risk-related issues and changes in the IT organization's strategic direction |
8 Steps in Audit Planning are | 1) Understand mission, objectives & processes; 2) Identify policies & procedures; 3) Evaluate the risk assessment; 4) Perform risk analysis; 5) Conduct an internal control review; 6) Set the audit scope and objectives; 7) Develop the audit approach; 8) Assign re |
6 Steps IS Auditor to understand business | 1) Touring key facilities; 2) Reading annual reports, industry pubs; 3) Reviewing LT strategic plans; 4) Interview key mgrs; 5) Review PY Audit reports; 6) Identify specific regulations to IT |
5 Steps to Determine entity's level of compliance with external requirements | 1) Identify gov or other agencies dealing with IT; 2) Document laws & regulations; 3) Assess if mgmt & IA have considered relevant external requirements; 4) Review IA documents that address adherence to laws; 5) Determine adherence to established procedures |
An Example of strong control practices | Sarbanes-Oxley Act of 2002: Requires Co. to adapt COSO - Internal Control - Integrated Framework from the Committee of Sponsoring Organizations of the Treadway Commission |
ISACA Code of Professional Ethics | 1) Support compliance standards/procedures; 2) Perform duties w/ due diligence & best practices; 3) Serve the interest of Shareholders; 4) Maintain privacy & confidentiality of Co.; 5) Maintain competency in field; 6) Inform mgmt all facts; 7) Support CPE |