CISA Refresher 6 Flashcards Preview


Flashcards in CISA Refresher 6 Deck (500)
1

Audit Charter

document that states management's objectives for, and delegation of authority to, IS audit. Should be approved at the highest levels of management, and should outline the overall authority, scope, and responsibilities of the audit function. Should not significantly change over time.

2

Engagement Letter

a letter that formalizes the contract between the auditor and the client and outlines the responsibilities of both parties; focused on a particular audit exercise to be initiated in an organization with a specific objective in mind

3

Audit Plan

A list of the audit procedures the auditors need to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements; consists of both short-term and long-term planning

4

Sarbanes-Oxley Act of 2002

Law that requires companies to maintain adequate systems of internal control

5

Professional Independence

In all matters related to the audit, the IS auditor should be independent of the auditee in both attitude and appearance

6

Organizational Independence

The IS audit function should be independent of the area or activity being reviewed to permit objective completion of the audit assignment

7

Audit Risk

the risk that information may contain a material error that may go undetected during the course of the audit

8

Error Risk

the risk of errors occurring in the area being audited

9

Information Technology Assurance Framework (ITAF)

provides an integrated process (involving technical and non-technical aspects) for developing and deploying IT systems with intrinsic and appropriate security measures in order to meet the organization's mission

10

General standards

standards that establish the guiding principles under which the IT assurance profession operates; they apply to the conduct of all assignments, and deal with the IT audit and assurance professional's ethics, independence, objectivity and due care, as well as knowledge, competency and skill

11

Performance standards

standards that establish baseline expectations in the conduct of IT assurance engagements; focused on the design of the assurance work, the conduct of the assurance, the evidence required, and the development of assurance and audit findings and conclusions

12

Reporting standards

standards that address the types of audit reports, means of communication, and information to be communicated at the conclusion of an audit

13

Risk analysis

part of audit planning, and helps identify risks and vulnerabilities so the IS auditor can determine the controls needed to mitigate those risks

14

Risk

the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization; the combination of the probability of an event and its consequence

15

Business Risk

a risk that may negatively impact the assets, processes or objectives of a specific business or organization

16

IT Risk

the risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise

17

Risk Assessment Process

1. Identify Business Objectives

18

Internal controls

normally composed of policies, procedures, practices and organizational structures which are implemented to reduce risk to the organization; developed to provide reasonable assurance to management that the organization's business objectives will be achieved and risk events will be prevented, or detected and corrected

19

Preventive controls

Controls that deter control problems before they occur

20

Detective controls

Controls that discover problems as soon as they arise

21

Corrective controls

Controls that remedy control problems that have been discovered

22

Control objectives

statements of the desired result or purpose to be achieved by implementing control activities (procedures)

23

IS Control objectives

provide a complete set of high-level requirements to be considered by management for effective control of each IT process

24

COBIT 5

a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT; helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use

25

COBIT 5 Principles

1. Meeting stakeholder needs

26

Controls

include policies, procedures and practices established by management to provide reasonable assurance that specific objectives will be achieved

27

Compliance Audit

an audit that includes specific tests of controls to demonstrate adherence to specific regulatory or industry standards

28

Financial Audit

an audit that assesses the accuracy of financial reporting

29

Operational Audit

an audit designed to evaluate the internal control structure in a given process or area

30

Integrated Audit

an audit that combines financial and operational audit steps