1.2: Audit Charter (Doshi) Flashcards
What does an Audit Charter outline?
The overall authority, scope and responsibilities of the Audit Function.
Who should approved the audit charter?
Top Management.
- Preferably, highest level of management and audit committee should approve this charter
What should influence the auditor’s action?
An auditor ‘s actions should only be influenced by the audit charter which will define the roles and responsibilities of the audit functions.
Is the audit charter a dynamic document by nature?
No.
The audit charter is rather a static ( does not change often) . It should be changed only if change can be thoroughly justified
What information should NOT be included in the audit charter?
(1) yearly audit calendar,
(2) audit planning,
(3) yearly resource allocation and
(4) other routine audit activities,
Aspects like the Professional fees, other payables, travel expenses budget for auditors, etc. are not included in Audit Charter
Role of Chief Auditor:
To carry out audit process as per approved audit charter.
Independence of audit charter:
Audit charter should be independent from IS department and IT steering committee.
An audit charter should state management’s objectives for and delegation of authority to IS audit and MUST be:
A. approved by the top management.
B. approved by Chief Audit Officer.
C. approved by IS department.
D. approved by IT steering committee.
A. approved by the top management.
The audit charter should be approved by the highest level of management. Role of Chief Audit Officer is to carry out audit process as per approved audit charter. Audit charter should be independent from IS department and IT steering committee.
The audit charter should be approved by the highest level of management and should:
A. is updated often to upgrade with the changing nature of technology and the audit profession.
B. include audit calendar along with resource allocation.
C. include plan of action in case of disruption of business services.
D. outlines the overall authority, scope and responsibilities of the audit function.
D. outline the overall authority, scope and responsibilities of the audit function.
(1) An audit charter should state management’s objectives for and delegation of authority to IS audit.
(2) Charter should not be significantly changed over time. An audit charter outlines the overall authority, scope and responsibilities of the audit function. An audit charter would not be at a detailed level and therefore frequent updating is not required.
(3) Audit charter would not include detailed audit calendar and resource allocation.
(4) Action plan in case of disruption of services is included in BCP policy and not in Audit Charter.
Primary purpose of an audit charter is to:
A. describe audit procedure.
B. define resource requirement for audit department.
C. prescribe the code of ethics used by the auditor
D.to prescribe authority and responsibilities of audit department.
D. to prescribe authority and responsibilities of audit department.
The charter’s main purpose is to define the auditor’s roles and responsibilities. It should evidence a clear mandate and authority for the auditors to perform their
work. Audit procedure, resource requirements and code of ethics will not be a part of audit charter.
The document used by the top management of organizations to delegate authority to the IS audit function is the:
A. audit calendar.
B. audit charter.
C. risks register.
D.audit compendium.
B. audit charter.
The audit charter outlines the overall authority, scope and responsibilities of the audit function to achieve the audit objectives stated in it. Audit Calendar will include planning of audit department. Risk register will include details of identified risk and its mitigating controls. Audit compendium includes summary of critical of audit observations for higher management.
An IS auditor reviews an organization chart PRIMARILY for:
A. getting information about data-flow.
B. to assess number of employees in each department.
C. understanding the responsibilities and authority of individuals.
D. to assess number of laptops/desktops in each department.
C. understanding the responsibilities and authority of individuals.
An organization chart provides information about the responsibilities and authority of individuals in the organization. This helps the IS auditor to know if there is a proper segregation of functions.
In a risk-based audit approach, an IS auditor, in addition to risk, would be influenced PRIMARILY
by:
A. the audit charter.
B. management’s representation.
C. organizational structure
D. no. of outsourcing contracts.
A. the audit charter.
Auditor’s role and responsibility is documented in Audit Charter. The audit charter outlines the overall authority of Audit function. Hence primarily his actions will be influenced by Audit Charter.
The result of risk management process is used for making:
A. business strategy plans.
B. audit charters.
C. security policy decisions.
D. decisions related to outsourcing.
C. security policy decisions.
The risk management process is about making specific, security-related decisions, such as the level of acceptable risk. Choices A, B and D are not ultimate goals of the risk management process
Audit Charter should include:
A. Yearly audit resource planning.
B. audit function’s reporting structure.
C. audit report drafting guidelines.
D. Yearly audit calendar.
B. audit function’s reporting structure.
Audit Charter outlines the overall authority, scope and responsibilities of the Audit Function. Audit Charter should include audit function’s reporting structure. Ideally, Head of audit function reports to audit committee.
