CISA Domain 1 - Auditing Process & Domain 2 - IT Governance
Terms in this set (21)
BSC Measures
Performance, effectiveness (PEREF - IIFC)
1- internal processes
2- innovation
3- financial
4- customer
IT BSC Measures
BUOI
1-Business contribution
2-user experience
3-operational excellence
4-innovation
Purpose and objective of CSA (Control Self Assessment)
to leverage internal audit function by shifting control monitoring to functional areas. Benefit is to determine risk, it is an assessment of controls made by the staff and mgt. Role of auditor is to facilitate
vulnerability
any asset procedural weakness
Risk (equation)
PCO-probability X cost of event
SLE (single loss expectancy)
AV (asset value) X EF (exposure factor) =% of value lost
ALE (annual loss expectancy)
SLE (single loss expectancy) X ARO (annual rate of occurrence [range 0-1./yr])
Audit Charter
Responsibility-scope goals & objectives
Authority- right to access & audit
Accountability - agreement between auditor/audit committee; reporting requirements
The audit committee is a subgroup of the board of directors. The audit department should report to the audit committee and the audit charter should be approved by the committee
Audit Phases and deliverables
SOS PAPPA
Subject-identify the area to be audited
Objective-purpose of the audit
Scope-identify systems and functions
Pre-Planning-identify resources, sources of information for testing, locations
Audit procedures & steps for data gathering-identify approach, list of individuals to interview, obtain policies and methodology to verify controls
Procedures for evaluating - org specific
Procedures for communication with mgt- org specific
Audit report preparation - identify followup, procedures to evaluate, identify procedures to test, review and evaluate the soundness of documents
The audit function
established by an audit charter which is approved by senior management, independent and report to the audit committee
Risk based audit approach
1-gather information and plan
2-obtain understanding of internal control
3- perform compliance tests, perform substantive tests, conclude
Types of audits
operational, financial, integrated, IS, administrative, compliance, forensic, service provider and pre-audit
Compliance testing
you have a process, are you following it?
Substantive testing
used to verify accuracy & integrity of transactions, could be calculation or inventory count
Attribute sampling
method used for compliance testing
Determine if attribute is present
if you see attribute think compliance
Variable sampling
how much?
method used for substantive testing
to test transactions for monetary values or count
If you see variable think substantive
Risks related to audits
DISCO - control, detection, inherent, overall and sampling risk
Confidence co-efficient
is the probability that the characteristics are a true representation of the population. If internal controls are strong the Confidence Coefficient may be lowered
Internal control objectives examples
1- protection of assets
2- accuracy of transactions
3- confidentiality and privacy of data
4- availability of data
IS Control objective examples
1- protection of information from unauthorized personnel
2- protection of information from unauthorized methods
OSI
Please, Do, Not, Throw, Sausage, Pizza, Away