Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
CISA – Certified Information Systems Auditor Study Guide

You're reading from   CISA – Certified Information Systems Auditor Study Guide Achieve CISA certification with practical examples and over 850 exam-oriented practice questions

Arrow left icon
Product type Paperback
Published in Jun 2023
Publisher Packt
ISBN-13 9781803248158
Length 330 pages
Edition 2nd Edition
Arrow right icon
Author (1):
Arrow left icon
Hemang Doshi Hemang Doshi
Author Profile Icon Hemang Doshi
Hemang Doshi
Arrow right icon
View More author details
Toc

Table of Contents (14) Chapters Close

Preface 1. Chapter 1: Audit Planning 2. Chapter 2: Audit Execution FREE CHAPTER 3. Chapter 3: IT Governance 4. Chapter 4: IT Management 5. Chapter 5: Information Systems Acquisition and Development 6. Chapter 6: Information Systems Implementation 7. Chapter 7: Information Systems Operations 8. Chapter 8: Business Resilience 9. Chapter 9: Information Asset Security and Control 10. Chapter 10: Network Security and Control 11. Chapter 11: Public Key Cryptography and Other Emerging Technologies 12. Chapter 12: Security Event Management 13. Other Books You May Enjoy

Reporting and Communication Techniques

Audit reporting and following up for closure are the last steps of the audit process. The effectiveness of an audit largely depends on how the audit results are communicated and how follow-up is done for the closure of recommendations. Effective verbal and written communication skills are key attributes of a good auditor. A CISA candidate is expected to have a thorough understanding of the elements of an exit interview, audit report objectives, the process and structure, and follow-up activities.

Exit Interview

Auditing is not about finding errors. It is about adding value to the existing processes of an organization.

A formal exit interview is essential before the audit report is released. The following are the objectives of an exit interview:

  • To ensure that the facts are appropriately and correctly presented in the report
  • To discuss recommendations with auditee management
  • To discuss an implementation date

The exit meeting ensures that facts are not misunderstood or misinterpreted. Exit meetings help to align the audit team and auditee management on the findings that are presented, discussed, and agreed upon.

Audit Reporting

A CISA candidate should note the following best practices with respect to audit reporting:

  • The IS auditor is ultimately responsible for senior management and the final audit report should be sent to the Audit Committee of the Board (ACB). If the IS auditor has no access to the top officials and the audit committee, it will impact the auditor’s independence.
  • Before the report is placed with the ACB, the IS auditor should discuss with auditee management to determine the accuracy of the audit observations and to understand the correction plan.
  • Sometimes, auditee management may not agree with the audit findings and recommendations. In such cases, IS auditors should emphasize the significance of the audit findings and the risk of not taking any corrective action.
  • If there is any control weakness that is not within the scope of the audit, it should be reported to management during the audit process. This should not be overlooked. Generally, accepted audit procedures require audit results to be reported even if the auditee takes corrective action prior to reporting.
  • To support the audit results, the IS auditor should have clear and accurate audit facts.

Audit Report Objectives

The following are the six objectives of audit reporting:

  • The presentation of audit findings/results to all the stakeholders (that is, the auditees).
  • The audit report serves as a formal closure for the audit committee.
  • The audit report provides assurance to the organization. It identifies the areas that require corrective action and associated suggestions.
  • The audit report serves as a reference for any party researching the auditee or audit topic.
  • It helps in follow-ups of audit findings presented in the audit reports for closure.
  • A well-defined audit report promotes audit credibility. This depends on the report being well developed and well written.

Audit Report Structure

An audit report includes the following content:

  • An introduction to the report, which includes the scope of the audit, the limitations of the audit, a statement of the audit objective, the audit period, and so on
  • Audit findings and recommendations
  • Opinion about the adequacy, effectiveness, and efficiency of the control environment

Now you will see a rundown of the main objectives of follow-up activities.

Follow-Up Activities

The main objective of follow-up activities is to validate whether management has implemented the recommendations. An IS auditor needs to determine whether management has acted on corrective actions to close the audit findings. It is essential to have a structured process to determine that corrective actions have been implemented.

Follow-up activities should be taken on the basis of the timeline agreed on by auditee management for the closure of audit findings. The status of compliance should be placed at the appropriate level of management.

Although audit follow-ups are primarily applicable to internal audit functions, external audit firms may be required to do the follow-up if it is included in the letter of engagement.

Key Aspects from the CISA Exam Perspective

The following table covers important aspects from the CISA exam perspective:

CISA Questions

Possible Answers

What is the objective of an audit closure meeting?

To ensure that there have been no misunderstandings or misinterpretations of the facts

What is the objective of conducting a follow-up audit?

To validate remediation action

What is the best way to schedule a follow-up audit?

On the basis of the due date agreed upon by auditee management

Table 2.14: Key aspects from the CISA exam perspective

You have been reading a chapter from
CISA – Certified Information Systems Auditor Study Guide - Second Edition
Published in: Jun 2023
Publisher: Packt
ISBN-13: 9781803248158
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image