UNCW MSA 516 - IT Audit Documentation

This preview shows page 1-2 out of 6 pages.



IS AUDITING GUIDELINE
G8 AUDIT DOCUMENTATION

The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically to IS auditing. One of the goals of ISACA® is to advance globally applicable standards to meet its vision. The development and dissemination of the IS Auditing Standards are a cornerstone of the ISACA professional contribution to the audit community. The framework for the IS Auditing Standards provides multiple levels of guidance:

• Standards define mandatory requirements for IS auditing and reporting. They inform:
  – IS auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics
  – Management and other interested parties of the profession’s expectations concerning the work of practitioners
  – Holders of the Certified Information Systems Auditor™ (CISA®) designation of requirements. Failure to comply with these standards may result in an investigation into the CISA holder's conduct by the ISACA Board of Directors or appropriate ISACA committee and, ultimately, in disciplinary action.
• Guidelines provide guidance in applying IS Auditing Standards. The IS auditor should consider them in determining how to achieve implementation of the standards, use professional judgement in their application and be prepared to justify any departure. The objective of the IS Auditing Guidelines is to provide further information on how to comply with the IS Auditing Standards.
• Procedures provide examples of procedures an IS auditor might follow in an audit engagement. The procedure documents provide information on how to meet the standards when performing IS auditing work, but do not set requirements. The objective of the IS Auditing Procedures is to provide further information on how to comply with the IS Auditing Standards.

Control Objectives for Information and related Technology (COBIT®) is an information technology (IT) governance framework and supporting tool set that allows managers to bridge the gaps amongst control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organisations. It emphasises regulatory compliance, helps organisations increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework’s concepts.

COBIT is intended for use by business and IT management as well as IS auditors; therefore, its usage enables the understanding of business objectives and communication of good practices and recommendations to be made around a commonly understood and well-respected framework. COBIT is available for download on the ISACA web site, www.isaca.org/cobit. As defined in the COBIT framework, each of the following related products and/or elements is organised by IT management process:

• Control objectives—Generic statements of minimum good control in relation to IT processes
• Management guidelines—Guidance on how to assess and improve IT process performance, using maturity models; Responsible, Accountable, Consulted and/or Informed (RACI) charts; goals; and metrics. They provide a management-oriented framework for continuous and proactive control self-assessment specifically focused on:
  – Performance measurement
  – IT control profiling
  – Awareness
  – Benchmarking
• COBIT Control Practices—Risk and value statements and ‘how to implement’ guidance for the control objectives
• IT Assurance Guide—Guidance for each control area on how to obtain an understanding, evaluate each control, assess compliance and substantiate the risk of controls not being met

A glossary of terms can be found on the ISACA web site at www.isaca.org/glossary. The words audit and review are used interchangeably in the IS Auditing Standards, Guidelines and Procedures.

Disclaimer: ISACA has designed this guidance as the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics. ISACA makes no claim that use of this product will assure a successful outcome. The publication should not be considered inclusive of all proper procedures and tests or exclusive of other procedures and tests that are reasonably directed to obtaining the same results. In determining the propriety of any specific procedure or test, the controls professional should apply his/her own professional judgement to the specific control circumstances presented by the particular systems or IT environment.

The ISACA Standards Board is committed to wide consultation in the preparation of the IS Auditing Standards, Guidelines and Procedures. Prior to issuing any documents, the Standards Board issues exposure drafts internationally for general public comment. The Standards Board also seeks out those with a special expertise or interest in the topic under consideration for consultation where necessary. The Standards Board has an ongoing development programme and welcomes the input of ISACA members and other interested parties to identify emerging issues requiring new standards. Any suggestions should be e-mailed ([email protected]), faxed (+1.847.253.1443) or mailed (address at the end of document) to ISACA International Headquarters, for the attention of the director of research, standards and academic relations. This material was issued on 17 January 2008.

G8 Audit Documentation ©1999, 2008 ISACA. All rights reserved. Page 2

1. BACKGROUND

1.1 Linkage to Standards

1.1.1 Standard S5 Planning, states ‘The IS auditor document an audit plan that lists the audit detailing the nature and objectives, timing and extent, objectives and resources required’.

1.1.2 Standard S6 Performance of Audit Work, states ‘During the course of the audit, the IS auditor should obtain sufficient, reliable and relevant evidence to achieve the audit objectives. The audit findings and conclusions are to be supported by appropriate analysis and interpretation of this evidence. The audit process should be documented, describing the audit work performed and the audit evidence that supports the IS auditor's findings and conclusions’.

1.1.3 Standard S7 Reporting, states ‘The IS auditor should provide a report, in an appropriate form, upon the completion of the audit. The audit report should state the scope, objectives, period of coverage, and the nature, timing and extent of the audit work performed.

