Amedeo Maturo

Protección de Datos y Administración Electrónica

Road to CISA, Step 5: Performing an IS Audit

At least, it’s turn for the “Performing an IS Audit” part of my CISA Review Manual  2013 study plan. When I started reading this chapter, I was quite anxious; it was like “That’s what you’ve been looking for”, and, yes, definitely it was.

What I learnt it’s all about methodologymethodology and methodology.

Components of an Audit methodology are:

  • a statement of scope;
  • a statement of audit objectives; and
  • a statement of audit programs.

Audit methodology is divided in following phases:

Audit Charter: see previous post here;

Audit Objectives, when the auditor and the auditee identify the purpose of the audit. Purposes can be:

  • Compliance audits, to demonstrate adherence to specific regulatory or industry standards;
  • Financial audits;
  • Operational audits, to evaluate the internal control structures in a given process/area;
  • Integrated audits, an audit that combines Financial and Operational audit steps;
  • Administrative audits, to assess the efficiency y productivity of a process/unit/area;
  • IS Audits;
  • Specialized audits.

Audit scope, when specific systems, functions or unit are identified to be included in the audit process;

Preaudit planning: the time when:

  • technical skills and resources needed are identified;
  • sources of information are selected, like procedures and prior audit work paper are settled;
  • facilities and locations are identified.

Audit procedures and steps for data gathering: the time to identify individuals for interviews;

Procedures for evaluating the test results and Procedures for communication with management (both depends on the specific auditee needs);

Audit report preparation: the time to review and evaluate documents, policies and procedures.

Then, many months later…, a good IS Auditor presents Audit documentation to the auditee. How? Well, the answer, maybe, in next posts.

Categoría: audit charter, audit methodology, CISA, IS Auditor

Etiquetas: , ,

Deja un comentario

Archivos

Mi Twitter

Temas