Upgrade to remove ads
CISA Domain 1
Terms in this set (16)
Steps in Risk Assessment
1. Identify critical assets / processes
2. Identify relevant risks
3. Do impact analysis (qualitative or quantitative)
4. risk prioritization
5. risk treatment
- document that states management's objectives for and delegation of authority to IS audit.
- Should be approved at the highest levels of management
- should outline the overall authority scope, and responsibilities of the audit function.
-Should not significantly change over time.
Benefits of CSA
- early detection of risk
- more effective and improved Internal Controls
- Assurance provided to stakeholders and customers
Objectives of CSA
- concentrate on areas of high risk
- enhance audit responsibility
Difference between Statistical vs Non-Statistical Sampling
Difference Between Attribute Sampling and Variable Sampling
Difference Between Stop or Go and Discovery Sampling
Electronic Data Interchange (EDI)
an approach that puts information in a standardized format easily shared between different computer systems
Process of Integrated Audit
- To identify risk faced by the organization
- To identify relevant key controls
- To understand design of key controls
- To test whether key controls are supported by the IT system
- To test controls are operating effectively
- To issue a combined report on risk, control, and weakness
Advantages of Integrated Audits
- Easy to link controls and audit procedures and thus process owners better understand the objectives of an audit
- Integrated audit helps to identify and implement better allocation and utilization of IT resources
- Ability to establish linkage between good corporate governance and reliable financial statements
A check digit is a numeric value that has been calculated mathematically and is added to data to ensure that original data have not been altered or that an incorrect, but valid, match has occurred. The check digit control is effective in detecting transposition and transcription errors.
CSA (Control Self-Assessment)
-process that involves employees in assessing the adequacy of controls and identifying opportunities for improvement within an organization
(1) traditional auditing concepts,
(2) risk analysis,
(3) self-assessment approaches
- CSA is the review of business objectives and internal controls in a formal and documented collaborative process. It includes testing the design of automated application controls.
- Most important to ensure effective application controls are maintained.
- Management ownership of the internal controls supporting business objectives is reinforced.
- The attributes of CSA include empowered employees, continuous improvement extensive employee participation and training - all of which are representations of broad stakeholder involvement.
During the planning stage of an IS audit, the primary goal of the IS Auditor is to ___
Address Audit Objectives
What attribute is most affected by the use of CAATS (Computer-Assisted Audit Techniques)?
'- CAATs are tools used for accessing data in an electronic form from diverse software environments, record formats, etc.
- CAATs serve as usefull tools for collecting anf evaulatin adit evidence accoridng to audit objectives and can create effeciciences for collecting this evidence.
- Reliability is the attribute most affected by the use of CAATs. Because the data are directly collected by the IS auditor, the audit findings can be reported with an emphasis on the reliability of the records that are produced and maintained in the system.
Trend/Variance Detection Tools
Look for anomalies in user or system behavior, such as invoices with increasing invoice numbers.
What is the PRIMARY requirement that a data mining and auditing software tool should meet?
Accurately capture data from the organization's systems without causing excessive performance problems. The most critical requirement is that the tool works effectively on the systems of the organization being audited.
THIS SET IS OFTEN IN FOLDERS WITH...
CISA Domain 3
CISA Domain 2
CISA Domain 4
CISA Domain 5
YOU MIGHT ALSO LIKE...
Auditing Test 3 (short answer)
Internal Audit Chapter 7
ACC 413 Chapter 7
OTHER SETS BY THIS CREATOR
CISA Domain 5
CISM Domain 2
CISM Essentials Section 1