IS audit & IS AUDIT AND ASSURANCE STANDARDS & CODE OF PROFESSIONAL ETHICS
IS audit: formal examination and/or testing of information systems to determine whether:
• Information systems are in compliance with applicable laws, regulations, contracts and/or industry guidelines. (LRCI)
• Information systems and related processes comply with governance criteria and related and relevant policies and procedures. (GOV., Policy and Procedure)
• IS data and information have appropriate levels of confidentiality, integrity and availability. (CIA)
• IS operations are being accomplished efficiently and effectiveness targets are being met. (EE)
IS Audit and Assurance Standards
Inform a variety of audiences of critical information:
• For IS auditors: minimum level of acceptable performance required to meet the professional responsibilities set out in the Code of Professional Ethics.
• For management and other interested parties: profession’s expectations concerning the work of practitioners.
• For holders of the CISA designation: professional performance requirements.
The framework for these standards provides for the following documents:
• Standards: mandatory requirements for IS auditing and reporting.
• Guidelines: provide guidance in applying the standards. The IS auditor should consider them in determining how to achieve implementation of the above standards, use professional judgment in their application, and justify any departure from the standards.
• Tools and techniques: provide examples of processes an IS auditor might follow in an audit engagement. They provide information on how to meet the standards when completing IS auditing work, but do not set requirements.
CODE OF PROFESSIONAL ETHICS
• Inform appropriate parties of the results of work performed, including disclosure of all significant facts known to them.
• Maintain competency in their respective fields and agree to undertake only those activities they can reasonably expect to complete with the necessary skills, knowledge and competence.
• Maintain the privacy and confidentiality of information obtained in the course of their activities unless disclosure is required by legal authority. Such information shall not be used for personal benefit or released to inappropriate parties.
• Support the implementation of, and encourage compliance with, appropriate standards and procedures for the effective governance and management of enterprise information systems and technology, including audit, control, security and risk management.
• Perform their duties with objectivity, due diligence and professional care, in accordance with professional standards.
• Serve in the interest of stakeholders in a lawful manner, while maintaining high standards of conduct and character, and not discrediting their profession or the Association.
• Support the professional education of stakeholders in enhancing their understanding of the governance and management of enterprise information systems and technology, including audit, control, security and risk management.