01_Process of auditing information (04_Performing an IS audit (Risk based…
01_Process of auditing information
01_Management of IS Audit function
Audit charter
Audit planning
Effects of Laws & regulations
US HIPAA
SOX
Basel accords
Risk factors
02_ISACA IS Audit standards & guidelines
ISACA code of Prof. ethics
Encourage compliance with standards & procedures
Perform duties with objectivity, due diligence & prof. care
Maintain high standards of conduct & character
Maintain the privacy & confidentiality of information
Maintain competency in respective field
Inform appropriate parties of the results of work performed
Educate stakeholders on Governance & mgt. of Enterprise IT
Standards
General:
1000 series
1001: Audit charter
1002: Organisational independence
1003: Prof. independence
1004: Reasonable expectation
1005: Due professional care
1006: Proficiency
1007: Assertions
1008: Criteria
Performance:
1200 series
1201: Engagement planning
1202: Risk assessment in planning
1203: Performance & supervision
1204: Materiality
1205: Evidence
1206: Using the work of other experts
1207: Irregularity & illegal acts
Reporting:
1400 series
1401: Reporting
1402: Follow-up activities
Guidelines
Tools & techniques
Examples
ITAF
Reference model
03_IS Controls
Risk analysis
Internal controls
IS Control objectives
COBIT 5
5 Key principles
Covering the enterprise end to end
Applying a single, integrated framework
Enabling a holistic approach
7 Enablers of COBIT5
Separating governance from management
Meeting stakeholder needs
General controls
IS specific controls
04_Performing an IS audit
Audit objectives
Risk based auditing
Inherent risk
Control risk
Detection risk
Audit programs
Fraud detection
Compliance vs substantive testing
Evidence
Interviewing & observing personnel in performance of their duties
Sampling
Types 1
Statistical
Non-statistical
Types 2
Attribute sampling
Variable sampling
Computer assisted Auditing techniques
Generalised audit software (GAS)
Utility software
06_Control Self assessment
Objectives
Auditor's role in CSA
07_The evolving IS audit process
Integrated auditing
Continuous auditing
Diff. between
Continuous monitoring
Continuous auditing
05_Communicating Audit Results
Audit report - Structure & contents
Audit documentation
Close findings