CISA – Certified Information Systems Auditor Study Guide

You're reading from   CISA – Certified Information Systems Auditor Study Guide Aligned with the CISA Review Manual 2024 with over 1000 practice questions to ace the exam

Product type: Paperback
Published in: Oct 2024
Publisher: Packt
ISBN-13: 9781835882863
Length: 356 pages
Edition: 3rd Edition
Author: Hemang Doshi

Audit Project Management

An audit includes various activities, such as audit planning, resource allocation, determining the audit scope and audit criteria, reviewing and evaluating audit evidence, forming audit conclusions, and reporting to management. All these activities are integral parts of an audit, and project management techniques are equally applicable to audit projects.

Audit Objectives

Audit objectives are the expected outcomes of the audit activities. They refer to the intended goals that the audit must accomplish. Determining the audit objectives is a very important step in planning an audit. Generally, audits are conducted to achieve the following objectives:

  • To confirm that internal control exists
  • To evaluate the effectiveness of internal controls
  • To confirm compliance with statutory and regulatory requirements

An audit also provides reasonable assurance about the coverage of material items.

Audit Phases

The audit management project process has three phases. The first phase is planning, the second phase is execution, and the third phase is reporting. An IS auditor should be aware of the steps involved in the phases of an audit management process, as shown in the following table:

| Phase | Audit Steps | Description |
| --- | --- | --- |
| Planning | Assess risk and determine audit areas | The first step is to conduct a risk assessment and identify the function, process, system, and physical location to be audited. |
| | Determine audit objective | The primary goal during the planning stage of an IS audit is to address the audit objectives. The audit objective (i.e., the audit purpose) is also to be determined. An audit may be conducted for regulatory or contractual requirements. |
| | Determine the audit scope | The next step is to identify and determine the scope of the audit. The scope may be restricted to a few applications or a few processes only. Defining the scope will help the auditor determine the resources required for conducting the audit. |
| | Conduct pre-audit planning | Pre-audit planning includes understanding the business environment and the relevant regulations. It includes conducting risk assessments to determine areas of high risk. It also includes determining resource requirements and audit timings. |
| | Determine audit procedures | The audit program is designed on the basis of pre-audit information, which includes resource allocation and audit procedures to be followed. During this step, audit tools and audit methodology are developed to test and verify the controls. |
| Execution | Gather data | The next step is to gather relevant data and documents for conducting the audit. |
| | Evaluate controls | Once the required information, data, and documents are available, the auditor is required to evaluate the controls to verify their effectiveness and efficiency. |
| | Validate and document the results | Audit observations should be validated and documented along with the relevant evidence. |
| Reporting | Draft report | A draft report should be issued to obtain comments from management on the audit observations. Before issuance of the final report, the draft report should be discussed with management. |
| | Issue report | The final report should contain audit findings, recommendations, comments, and the expected date of closure of the audit findings. |
| | Follow up | A follow-up should be done to determine whether the audit findings are closed and a follow-up report should be issued. |

Table 2.1: Phases of an audit process

It should be noted that the steps should be followed in chronological sequence for the success of the audit project and to achieve the audit objectives.

Key Aspects for the CISA Exam

The following table covers the important aspects from the CISA exam perspective:

| Questions | Possible Answers |
| --- | --- |
| What does an IS audit provide? | Reasonable assurance about the coverage of material items |
| What is the first step of an audit project? | To develop an audit plan |
| What is the major concern in the absence of established audit objectives? | Not being able to determine key business risks |
| What is the primary objective of performing a risk assessment prior to the audit? | Allocating audit resources to areas of high risk |
| What is the first step of the audit planning phase? | Conducting risk assessments to determine the areas of high risk |
| What is an important consideration when planning the scope and objectives of an IS audit? | Applicable statutory requirements |

Table 2.2: Key aspects for the CISA exam

Audit sampling is an important element of audit project management and selecting an appropriate sampling methodology is critical for gathering the relevant data and drawing accurate conclusions. The next section discusses sampling methodologies.
