Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
CISA – Certified Information Systems Auditor Study Guide

You're reading from   CISA – Certified Information Systems Auditor Study Guide Achieve CISA certification with practical examples and over 850 exam-oriented practice questions

Arrow left icon
Product type Paperback
Published in Jun 2023
Publisher Packt
ISBN-13 9781803248158
Length 330 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Hemang Doshi Hemang Doshi
Author Profile Icon Hemang Doshi
Hemang Doshi
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Chapter 1: Audit Planning 2. Chapter 2: Audit Execution FREE CHAPTER 3. Chapter 3: IT Governance 4. Chapter 4: IT Management 5. Chapter 5: Information Systems Acquisition and Development 6. Chapter 6: Information Systems Implementation 7. Chapter 7: Information Systems Operations 8. Chapter 8: Business Resilience 9. Chapter 9: Information Asset Security and Control 10. Chapter 10: Network Security and Control 11. Chapter 11: Public Key Cryptography and Other Emerging Technologies 12. Chapter 12: Security Event Management 13. Other Books You May Enjoy

Audit Project Management

An audit includes various activities, such as audit planning, resource allocation, determining the audit scope and audit criteria, reviewing and evaluating audit evidence, forming audit conclusions, and reporting to management. All these activities are integral parts of an audit, and project management techniques are equally applicable to audit projects.

The following are the basic steps for managing and monitoring audit projects:

Figure 2.3: Basic steps for managing and monitoring audit projects

Figure 2.3: Basic steps for managing and monitoring audit projects

The activities mentioned in the preceding figure are all performed to achieve specific audit objectives. These are discussed in the next section.

Audit Objectives

Audit objectives are the expected outcomes of the audit activities. They refer to the intended goals that the audit must accomplish. Determining the audit objectives is a very important step in planning an audit. Generally, audits are conducted to achieve the following objectives:

  • To confirm that internal control exists
  • To evaluate the effectiveness of internal controls
  • To confirm compliance with statutory and regulatory requirements

An audit also provides reasonable assurance about the coverage of material items.

Audit Phases

The audit process has three phases. The first phase is about planning, the second phase is about execution, and the third phase is about reporting. An IS auditor should be aware of the phases of an audit process shown in the following tables.

Phase

Audit Steps

Description

Planning Phase

Assess risk and determine audit area

The first step is to conduct a risk assessment and identify the function, process, system, and physical location to be audited.

Determine audit objective

  • The primary goal during the planning stage of an IS audit is to address the audit objectives.
  • The audit objective, i.e. the audit purpose, is also to be determine.
  • An audit may be conducted for regulatory or contractual requirements.

Determine the audit scope

  • The next step is to identify and determine the scope of the audit.
  • The scope may be restricted to a few applications or few processes only.
  • Defining the scope will the help auditor determine the resources required for conducting of the audit

Conduct pre-audit planning

  • Pre audit planning includes understanding the business environment and the relevant regulations.
  • It includes conducting risk assessments to determine areas of high risk.
  • It also includes determining resource requirements and audit timings.

Determine audit procedures

  • The audit program is designed on the basis of pre-audit information, which includes resource allocation and audit procedures to be followed.
  • During this step, audit tools and audit methodology are developed to test and verify the controls.

Execution Phase

Gather data

  • Next step is to gather relevant data and documents for the conduct of audit.

Evaluate controls

  • Once the required information, data and documents are available, the auditor is required to evaluate the controls to verify their effectiveness and efficiency of the controls.

Validate and document the results

  • Audit observations should be validated and documented along with the relevant evidence.

Reporting Phase

Draft report

  • A draft report should be issued for obtaining comments from management on the audit observations.
  • Before issuance of the final report, the draft report should be discussed with management.

Issue report

  • The final report should contain audit findings, recommendations, comments, and the expected date of closure of the audit findings.

Follow up

  • Follow-up should be done to determine whether the audit findings are closed and a follow-up report should be issued.

Table 2.1: Phases of an audit process

For the CISA exam, please note down the following steps for the audit process:

Figure 2.4: Steps followed in an audit

Figure 2.4: Steps followed in an audit

It should be noted that the steps should be followed in chronological sequence for the success of the audit project and to achieve the audit objectives.

Fraud, Irregularities, and Illegal Acts

The implementation of internal controls does not necessarily eliminate fraud. An IS auditor should be aware of the possibilities, circumstances, and opportunities that can lead to fraud and other irregularities. The IS auditor should observe and exercise due professional care to ensure that internal controls are appropriate, effective, and efficient to prevent or detect fraud, irregularities, and illegal acts.

In the case of suspicious activity, the IS auditor may communicate the need for a detailed investigation. In the case of a major fraud being identified, audit management should consider reporting it to the audit committee board.

Key Aspects from the CISA Exam Perspective

The following table covers the important aspects from the CISA exam perspective:

CISA Questions

Possible Answers

What does an IS audit provide?

Reasonable assurance about the coverage of material items

What is the first step of an audit project?

To develop an audit plan

What is the major concern in the absence of established audit objectives?

Not being able to determine key business risks

What is the primary objective of performing a risk assessment prior to the audit?

Allocating audit resources to areas of high risk

What is the first step of the audit planning phase?

Conducting risk assessments to determine the areas of high risk

Table 2.2: Key aspects from the CISA exam perspective

You have been reading a chapter from
CISA – Certified Information Systems Auditor Study Guide - Second Edition
Published in: Jun 2023
Publisher: Packt
ISBN-13: 9781803248158
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image