22 Cards in this Set

  • Front
  • Back

List the 5 tasks within the domain covering the process of auditing information systems.

T1.1 Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included.


T1.2 Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.


T1.3 Conduct audits in accordance with IT audit standards to achieve planned audit objectives.


T1.4 Report audit findings and make recommendations to key stakeholders to communicate results and effect change when necessary.


T1.5 Conduct follow ups or prepare status reports to ensure that appropriate actions have been taken by management in a timely manner.

List the 10 knowledge statements within the domain covering the process of auditing information systems.

KS1.1 Knowledge of ISACA IT Audit and Assurance Standards, Guidelines, and Tools and Techniques; Code of Professional Ethics; and other applicable standards.


KS1.2 Knowledge of risk assessment concepts, tools and techniques in an audit context.


KS1.3 Knowledge of control objectives and controls related to information systems


KS1.4 Knowledge of audit planning and audit project management techniques, including follow-up


KS1.5 Knowledge of fundamental business processes (e.g., purchasing, payroll, accounts payable, accounts receivable) including relevant IT.


KS1.6 Knowledge of applicable laws and regulations that affect the scope, evidence collection and preservation, and frequency of audits.


KS1.7 Knowledge of evidence collection techniques (e.g., observation, inquiry, inspection, interview, data analysis) used to gather, protect and preserve audit evidence.


KS1.8 Knowledge of different sampling methodologies


KS1.9 Knowledge of reporting and communication techniques (e.g., facilitation, negotiation, conflict resolution, audit report structure)


KS1.10 Knowledge of audit quality assurance systems and frameworks.

Task statement 1.1 maps to which knowledge statements?

1,2,3,5,6,10

Task statement 1.2 maps to which knowledge statements?

1,2,3,4,5,6

Task statement 1.3 maps to which knowledge statements?

1,2,3,4,5,6,7,8,9

Task statement 1.4 maps to which knowledge statements?

1,3,7,9

Task statement 1.5 maps to which knowledge statement?

1,4

The credibility of any audit activity is largely determined by what?

Its adherence to commonly accepted standards (KS1.1)

IS Audit and Assurance Standards, Guidelines, and Tools and Techniques, and the Code of Professional Ethics are developed, circulated and issued by whom?

ISACA. Issued in order to provide a framework of minimum and essential references regarding how an IS auditor should perform work and act in a professional manner. KS1.1

Failure to follow standards or justify departure from guidelines may result in......

a violation of the Code of Professional Ethics.

The overall audit plan of an organization should be based on what?

Business risks related to the use of IT.

An IS auditor is expected to focus on risk. What techniques should he be aware of and put into practice?

The IS auditor should be aware of, and be able to put into practice, the risk analysis techniques needed to identify and prioritize business risks within the audit scope. This approach allows the IS auditor to create an audit plan that applies finite audit resources to where they are most needed. KS1.2

What main types of risk does an auditor need to focus on?

Although business risk is the most important driver of the audit program, the IS auditor must also take steps to minimize associated elements such as sampling risk, detection risk, materiality of findings, etc., since these may impact the adequacy of the review. KS1.2

Why is audit planning and preplanning so important?

To achieve audit objectives within a precise scope and budget the audit should be adequately planned. Audit planning requires a similar level of preplanning to ensure an appropriate and efficient use of audit resources.



Auditors need to understand project planning and management techniques to properly manage the audit and avoid an inefficient utilization of resources. KS1.4

What must an IS Auditor do to effectively identify an enterprise's key risk?

The IS Auditor must obtain an understanding of the organization and its environment, specifically obtaining an understanding of the external and internal factors affecting the entity, the entity's selection and application of policies and procedures, the entity's objectives and strategies, and the measurement and review of the entity's performance. KS1.5

Laws and regulations of any kind, including international treaties, central, federal or local government; or industry-related laws and regulations, affect the way that organizations conduct business, and very often determine what things?

Scope, frequency and type of audits, and how reporting requirements are substantially affected.



In fraud investigations or legal proceedings, maintaining the integrity of evidence throughout the evidence life cycle may be referred to as the chain of custody when the evidence is classified as forensic evidence. KS1.6

One essential audit concept is that audit findings must be supported by....

objective evidence (It is essential to know the techniques used to gather and preserve evidence. Information is gathered from the auditees or from a variety of alternative sources, including: reference manuals, accountants, banks, suppliers, vendors, etc.)

How is information/evidence gathered during the audit process?

It is gathered through inquiry, observation and interviews, and analysis of data using computer-assisted auditing techniques (CAATS).

Audit conclusions should be supported by

reliable and relevant evidence.

What is the lifecycle of an audit?

The lifecycle includes collection, analysis, and preservation and destruction of evidence.

T/F System configuration settings copied by a system administrator to a spreadsheet and then presented to an auditor would not be considered as reliable since they would have been subject to alteration.

True

T/F Since electronic evidence is more dynamic than hard copy documents, security measures should be used to preserve the integrity of evidence collected and provide assurance that the evidence has not been altered in any way.

True