CISA – Certified Information Systems Auditor Study Guide

Aligned with the CISA Review Manual 2019 to help you audit, monitor, and assess information systems

Product type Paperback
Published in Aug 2020
Publisher Packt
ISBN-13 9781838989583
Length 590 pages
Edition 1st Edition
Author (1):
Hemang Doshi

The content of an audit charter

An internal audit is an independent activity, and it should ideally report to a board-level committee. In most organizations, the internal audit function reports to the audit committee of the board. This helps to protect the independence of the audit function.

The independence of the audit function is ensured through a management-approved audit charter.

The following figure shows the features of an audit charter:

The CISA candidate should note the following features of the audit charter:

  • An audit charter is a formal document defining the internal audit's objective, authority, and responsibility. The audit charter covers the entire scope of audit activities.
  • An audit charter must be approved by top management.
  • An audit charter should not be changed too often, and hence procedural aspects should not be included in it. It is also recommended not to include in an audit charter a detailed annual audit calendar (covering things such as planning and the allocation of resources) or other details such as audit fees, other expenses for the audit, and so on.
  • An audit charter should be reviewed annually to ensure that it is aligned with business objectives.

Essentially, an auditor's activities are impacted by the charter of the audit department, which authorizes the accountability and responsibility of the audit department.

An audit charter includes the following:

  • The mission, purpose, and objective of the audit function
  • The scope of the audit function
  • The responsibilities of management
  • The responsibilities of internal auditors
  • The personnel authorized for the internal audit work

If an audit is outsourced to an audit firm, the objective of the audit, along with its detailed scope, should be incorporated in an audit engagement letter.

An audit charter forms the basis of structured audit planning. Activities relevant to audit planning are discussed in the next topic.

Key aspects from CISA exam perspective

The following table covers important aspects from the CISA exam perspective:

| CISA questions | Possible answers |
|---|---|
| Who should approve the audit charter of an organization? | Senior management |
| What should the content of an audit charter be? | The scope, authority, and responsibilities of the audit function |
| What is the prime reason for review of an organization chart? | To understand the authority and responsibility of individuals |
| The actions of an IS auditor are primarily influenced by | Audit charter |
| Which document provides the overall authority for an auditor to perform an audit? | Audit charter |
| What is the primary reason for the audit function directly reporting to the audit committee? | The audit function must be independent of the business function and should have direct access to the audit committee of the board |

Self-evaluation questions

  1. An audit charter should be approved by:
    1. Higher management
    2. The head of audit
    3. The Information Security department
    4. The project steering committee
  2. The audit charter should:
    1. Be frequently upgraded as per changes in technology and the audit profession
    2. Incorporate yearly audit planning
    3. Incorporate business continuity requirements
    4. Incorporate the scope, authority, and responsibility of the audit department
  3. The prime objective of an audit charter is to:
    1. Document the procedural aspect of an audit
    2. Document system and staff requirements to conduct the audit
    3. Document the ethics and code of conduct for the audit department
    4. Document the responsibility and authority of the audit department
  4. The document that delegates authority to the audit department is:
    1. The audit planner
    2. The audit charter
    3. The IT policy
    4. The risk assessment and treatment document
  5. The prime reason for the review of an organization chart is to:
    1. Get details related to the flow of data
    2. Analyze the department-wise employee ratio
    3. Understand the authority and responsibility of individuals
    4. Analyze department-wise IT assets
  6. An IS auditor would be primarily influenced by:
    1. The charter of the audit department
    2. The representation by management
    3. The structure of the organization
    4. The number of outsourcing arrangements
  7. Which of the following is the result of a risk management process?
    1. A corporate strategic plan
    2. A charter incorporating the audit policy
    3. Decisions regarding the security policy
    4. Outsourcing arrangements
  8. Which of the following should be included in an audit charter?
    1. Annual audit planning
    2. The audit function's reporting structure
    3. Guidelines for drafting audit reports
    4. An annual audit calendar
  9. The scope, authority, and responsibility of the IS audit function is defined by:
    1. The approved audit charter
    2. The head of the IT department
    3. The operational head of the department
    4. The head of audit
  10. Which of the following functions is governed by the audit charter?
    1. The information technology function
    2. The external audit function
    3. The internal audit function
    4. The information security function
  11. Which of the following covers the overall authority to perform an IS audit?
    1. The audit scope with goals and objectives
    2. Management's request to perform an audit
    3. The approved audit charter
    4. The approved audit schedule
  12. The audit function should report to the audit committee of the board because:
    1. The audit function has few resources
    2. The audit function must be independent of the business function and should have direct access to the audit committee of the board
    3. No other function should use the resources of the audit function
    4. The audit function can use their own authority to complete the audit on a priority basis
  13. The best objective for the creation of an audit charter is to:
    1. Determine the audit resource requirements
    2. Document the mission and long-term strategy of the audit department
    3. Determine the code of conduct for the audit team
    4. Provide the authority and responsibility of the audit function