ISACA auditing standards and guidelines Flashcards
ISACA requirements for certification holders
Maintain at least 120 hours of training every three years (and a minimum of 20 hours per year) in order to maintain certification.
Relationship between ISACA audit standards, audit guidelines, and Code of Professional Ethics
Audit standards and the Code of Ethics are mandatory
Audit guidelines are optional
Payment Card Industry Data Security Standard: PCI-DSS
A data security standard developed by a consortium of the major credit card brands.
ISACA Auditing and Assurance Standards (ITAF)
Known as the Information Technology Assurance Framework (ITAF), these standards define minimum standards of performance related to security, audits, and the actions that result from audits.
How should senior management support the audit charter
Through direct signature or by linking the audit charter to corporate policy.
1207, Irregularity and Illegal Acts
The auditor should recognize that irregularities and/or illegal acts could be ongoing in one or more of the processes that he is auditing. The IS auditor should obtain written attestations from management that state management’s responsibilities for the proper operation of controls.
If the IS auditor encounters irregularities or illegal acts during an audit
Document all conversations and retain all evidence of correspondence. Report any material irregularities or illegal acts to management.
If material findings or irregularities prevent the auditor from continuing the audit,
the auditor should carefully weigh his options and consider withdrawing from the audit.
Standards vs Guidelines
1- Standards are statements that all IS auditors are expected to follow, and they can be considered a rule of law for auditors.
2- Guidelines are statements that help IS auditors better understand how ISACA standards can be implemented.
Risk Analysis in the context of an audit
The activity that is used to determine the areas that warrant additional examination and analysis.
ISACA audit and assurance guidelines
Contain information that helps the auditor understand how to apply ISACA audit standards. These guidelines are a series of articles that clarify the meaning of the audit standards.