IS AUDIT Flashcards
Enumerate the four Audit Process
PLANNING
COMPLIANCE TESTING
SUBSTANTIVE TESTING
REPORTING
The IS auditor and the auditee must establish a reason why an audit is to be performed.
Purpose
To know which areas require the greatest amount of attention,
the IS auditor needs to be familiar with the levels of risk associated with the domain being audited.
Risk Analysis
It could be a given period, meaning records spanning a start date and end date may comprise the body of evidence, geography (systems in a particular region or locale), technology (systems using a specific operating system, database, application, or other aspect), business process (systems that support specific processes such as accounting, order entry, or customer support), or segment of the organization.
scope
There may be specific rules on sample sizes and sampling techniques, or it may require the auditors with specific qualifications to perform the audit. A
Audit procedures
The IS auditor needs to develop an audit schedule that will
give enough time for interviews, data collection and analysis, and report generation.
Schedule
The IS auditor must determine what resources are needed and available for the audit.
Resources
Refers to the specific goals for an audit
Audit objectives
This type of audit is an examination of IS controls, security controls, or business controls to determine control existence and
effectiveness.
Operational Audit
This type of audit is an examination of the organization’s accounting system, including accounting department processes and procedures.
Financial Audit
This type of audit combines an operational audit and a
financial audit in order for the auditor to gain a complete understanding
of the entire environment’s integrity
Integrated Audit
This type of audit is a detailed examination of most or all of an IS
department’s operations.
IS Audit
This type of audit is an examination of operational efficiency within some segment of the organization
Administrative Audit
This type of audit is performed to determine the level
and degree of compliance to a law, regulation, standard, or internal control.
Compliance Audit
This type of audit is usually performed by an IS auditor or a forensic specialist in support of an anticipated or active legal proceeding.
Forensic audit
An examination of
business processes, IS systems, and business records in anticipation of an upcoming external audit.
Pre-audit
This type of testing is used to determine if control procedures have been properly designed and implemented, and that they are operating properly
Compliance testing
This type of testing is used to determine the accuracy and integrity of transactions that flow through processes and information systems
Substantive testing
The information collected by the auditor during the course of the audit project.
Evidence
Enumerate Characteristics of an IS Auditor
Independence
Qualifications
Objectivity
Timing
Refers to the technique that is used when it is not feasible to test an entire population of transactions.
Sampling
A technique of random selection is used that
will statistically reflect the entire population
Statistical Sampling
In this type of sampling the IS auditor judgmentally and subjectively selects samples based on established criteria such as risk or materiality.
Judgmental Sampling
Used to calculate an average by group, similar to demographics, whereby the entire population is divided into smaller groups based on similar characteristics
Stratified Sampling
