CISA Ch 1 - Process of Auditing Information Systems. Exam Study Guide.
5 views 0 purchase
Course
CISA
Institution
CISA
CISA Ch 1 - Process of Auditing Information
Systems. Exam Study Guide.
Audit Charter - answerdocument that states management's objectives for and delegation of
authority to IS audit. Should be approved at the highest levels of management, and should
outline the overall authority scope, and resp...
CISA Ch 1 - Process of Auditing Information
Systems. Exam Study Guide.
Audit Charter - answer✔✔document that states management's objectives for and delegation of
authority to IS audit. Should be approved at the highest levels of management, and should
outline the overall authority scope, and responsibilities of the audit function. Should not
significantly change over time.
Engagement Letter - answer✔✔a letter that formalizes the contract between the auditor and the
client and outlines the responsibilities of both parties; focused on a particular audit exercise that
is sought to be initiated in an organization with a specific objective in mind
Audit Plan - answer✔✔A list of the audit procedures the auditors need to perform to gather
sufficient appropriate evidence on which to base their opinion on the financial statements;
consists of both short-term and long-term planning
Sarbanes-Oxley Act of 2002 - answer✔✔Law that requires companies to maintain adequate
systems of internal control
Professional Independence - answer✔✔In all matters related to the audit, the IS auditor should
be independent of the auditee in both attitude and appearance
Organizational Independence - answer✔✔The IS audit function should be independent of the
area or activity being reviewed to permit objective completion of the audit assignment
Audit Risk - answer✔✔the risk that information may contain a material error that may go
undetected during the course of the audit
Error Risk - answer✔✔the risk of errors occurring in the area being audited
Information Technology Assurance Framework (ITAF) - answer✔✔provides an integrated
process (involving technical and non-technical aspects) for developing and deploying IT systems
with intrinsic and appropriate security measures in order to meet the organizations mission
General standards - answer✔✔standards that establish the guiding principles under which the IT
assurance profession operates; they apply to the conduct of all assignments, and deal with the IT
audit and assurance professional's ethics, independence, objectivity and due care, as well as
knowledge, competency and skill
Performance standards - answer✔✔standards that establish baseline expectations in the conduct
of IT assurance engagements; focused on the design of the assurance work, the conduct of the
assurance, the evidence required, and the development of assurance and audit findings and
conclusions
Reporting standards - answer✔✔standards that address the types of audit reports, means of
communication, and information to be communicated at the conclusion of an audit
Risk analysis - answer✔✔part of audit planning, and helps identify risks and vulnerabilities so
the IS auditor can determine the controls needed to mitigate those risks
Risk - answer✔✔the potential that a given threat will exploit vulnerabilities of an asset or group
of assets and thereby cause harm to the organization; the combination of the probability of an
event and its consequence
Business Risk - answer✔✔a risk that may negatively impact the assets, processes or objectives
of a specific business or organization
IT Risk - answer✔✔the risk associated with the use, ownership, operation, involvement,
influence, and adoption of IT within an enterprise
Risk Assessment Process - answer✔✔1. Identify Business Objectives
2. Identify Information Assets supporting the BOs
3. Perform Risk Assessment (RA)
4. Perform Risk Mitigation (RM)
5. Perform Risk Treatment (RT)
6. Perform Periodic Risk Reevaluation
Internal controls - answer✔✔normally composed of policies, procedures, practices and
organizational structures which are implemented to reduce risk to the organization; developed to
provide reasonable assurance to management that the organization's business objectives will be
achieved and risk events will be prevented, or detected and corrected
Preventive controls - answer✔✔Controls that deter control problems before they occur
Detective controls - answer✔✔Controls that discover problems as soon as they arise
Corrective controls - answer✔✔Controls that remedy control problems that have been
discovered
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Brightstars. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $11.49. You're not tied to anything after your purchase.
