Recommended
More Related Content
What's hot
What's hot (20)
Similar to CISA Overview
Similar to CISA Overview (20)
CISA Overview
- 1. Why
- 12. Internal Control: Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in operationaleffectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization.[1]
- 13. IS Audit is defined as: • Collect and evaluate evidence to determine whether the information systems and related resources adequately safeguard assets • Maintain data and system integrity • Provide relevant and reliable information • Achieve organizational goals effectively, and • Consume resources efficiently.
- 16. The Audit Charter • An audit charter establishes the role of the IS audit function. • An IS audit can be integrated within the financial or operation audit, or it can be part of an internal audit. • The charter should include: • A clear statement of management's responsibility and objectives for the audit function • Management's delegation of authority to the audit function • The overall authority, scope and responsibilities of the audit function • The reporting lines and relationships
- 17. The Audit Charter • A definition of the organizational independence of the internal audit, including accountability of the audit and provision for objective assessment of its resource requirements • A recognition of the control environment of the organization (operations, resources, services, responsibilities to external entities) • The internal audit's right of access to all records, assets, personnel and premises, including those of partner organizations • The internal audit's authority to obtain the information and explanations it considers necessary to fulfill its responsibilities • The charter should be approved at the highest management level and by the audit committee if available. • Once the charter has been established, any changes must be thoroughly justified.
- 19. Audit Documentation • In addition to the audit plan, the documentation for an IS audit includes: • A description or diagram of the IS environment • Audit programs • Minutes of meetings • Audit evidence • Findings • Conclusions and recommendations • Any report issued as a result of the audit work • Supervisory review comments, if any
- 20. Audit Phases Audit Phase Description Audit subject Identify the area to be audited Audit objective Identify the purpose of the audit. Audit scope Identify the specific systems, function or unit of the organization to be included in the review. Preaudit planning • Identify technical skills and resources needed. • Identify the sources of information for test or review such as functional flow charts, policies, standards, procedures and prior audit workpapers. • Identify locations or facilities to be audited Data Gathering • Audit approach to verify and test the controls • Audit tools and methodology to test and verify control Audit Report • Identify follow-up review procedures Review and evaluate the soundness of documents, policies and procedures
- 22. COBIT
- 23. COBIT 5: Governance and Management Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM). Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).