Technology
Chapter 1: Audit Process Information Systems
Content
Introduction
Quick Reference
Management of Information Systems Audit Function
Standards and Guidelines and Audit Assurance ISACA
Risk analysis
Internal Controls
Perform Audits of Information Systems
Self-Assessment of Control
Emerging changes in the Auditing Process
Conclusions
Questions
Introduction
Since 1978, the Certified Information Systems Auditor (CISA) program, sponsored by ISACA, has been the globally accepted standard among information systems (IS) audit, control, and security professionals.
Quick Reference
G1 Using the Work of Other Auditors with effect from March 1, 2008
G2 Audit Evidence Requirement with effect from May 1, 2008
G3 Using Computer-Assisted Audit Techniques (CAATs) with effect from March 1, 2008
G4 Outsourcing of IS Activities to Other Organizations with effect from May 1, 2008
G5 Audit Charter with effect from February 1, 2008
G6 Materiality Concepts for Auditing Information Systems with effect from May 1, 2008
G7 Due Professional Care with effect from March 1, 2008
G8 Audit Documentation with effect from March 1, 2008
G9 Audit Considerations for Irregularities and Illegal Acts effective from 1 September 2008
G10 Audit Sampling with effect from August 1, 2008
G11 Effect of General IS Controls with effect from August 1, 2008
G12 Organisational Relationship and Independence with effect from August 1, 2008
G13 Use of Risk Assessment in Audit Planning with effect from August 1, 2008
G14 Review of Application Systems in force since 1 December 2008
G15 Audit Planning effective from May 1, 2010
G16 Effect of Third Parties on IT Controls of an Organization with effect from March 1, 2009
G17 Effect of Non-Audit Role on the IT Audit and Assurance Professional's Independence effective from May 1, 2010
G18 IT Governance effective from 1 July 2002
G19 Irregularities and Illegal Acts removed September 1, 2008
G20 Techniques current report from September 16, 2006
G21 Review of Enterprise Resource Planning (ERP) Systems effective as of September 16, 2010
G22 Review of Business-to-Customer (B2C) E-commerce effective as of August 1, 2003
G23 Review of Systems Development Life Cycle (SDLC) with effect from August 1, 2003
G24 Internet Banking with effect from August 1, 2003
G25 Review of Virtual Private Networks with effect from July 1, 2004
G26 Project Review of Business Process Reengineering (BPR) with effect from July 1, 2004
INFORMATION TECHNOLOGY ASSURANCE FRAMEWORK (ITAF)
Risk analysis
Internal Controls
Classification of audits
Risk Types
Risk Treatment
Evidences
Sampling
Sampling methods
Audit documentation
Self-Assessment of Control
Feature
Description
CSA target
CSA benefits
Disadvantages of CSA
Conclusions
Auditing information systems provides information about the state of those systems, and the resulting report allows senior management to take the measures necessary to achieve business goals.