Chapter 1 - The process of auditing information systems Flashcards Preview

CISA > Chapter 1 - The process of auditing information systems > Flashcards

Flashcards in Chapter 1 - The process of auditing information systems Deck (4)
Loading flashcards...

What is an intelligent agent?

Intelligent agents, often referred to as bots, can be as familar as thermostats. They gather information at least somewhat autonomously and automate the process of evaluation, making real-time continuous monnitoring possible. They can issue alerts when certain conditions are met. e.g. send out notifications when a website has been updated.


what are the different control calssifications?

1. Preventative
e.g. Employ only qualified personnel,
Establish suitable procedures for authorisation of transactions;
Complete programmed edit checks
Use access control software that only allowed authorised personnel to access sensitive information
Use encryption software

2. Detective, e.g.:
Harsh totals;
Check points in production jobs
Echo controls in telecommunication
Error message over tape labels
Duplicate checking of calculations
Periodic performance reporting with variances
Past-due account reports
Internal audit function
Review of activity logs
Secure code reviews
Software quality assurance

3. Corrective; e.g.
Contingency/Continuity of operations planning
Disaster recovery planning
Incident response planning
Backup procedure
Rerun procedure
System break/fix service level agreements


what are the advantages of CSA?

CSA is normally used in high risk areas.

1. Early dection of risk
2. More effective and improved internal controls
3. Creation of cohesive teams through employee involvement
4. Developing a sense of ownership and reduce resistance to control improvement
5. Increased employee awareness
6. Increased communication between operational and top management
7. highly motivated employees
8. Improved audit rating process
9. Reduction in control cost
10. Assurance provided to stakeholders and customer


What are the disadvantages of CSA?

1. It could be mistaken as an audit function replacement
2. It may be regarded as an additional workload
3. Failure to act on improvement suggestions could damage the employee morale
4. Lack of motivation may limit effectivenss in the detection of weakcontrols.