Domain 1 - IS Audit Planning & Execution Flashcards
What are the steps in the IS Audit Process?
1) Planning
2) Perform risk assessment
3) Prepare audit program
4) Perform preliminary controls review of audit area or subject to assess initial control risk & materiality
5) Evaluate the audit area or subject
6) Gather evidence
7) Perform compliance testing
What is Detection Risk?
The risk that material errors or misstatements will not be detected by the auditor
What is Control Risk?
The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls
What is Inherent Risk?
The risk that a material error could occur, assuming no related internal controls to prevent or detect the error
What is Audit Risk?
The risk that:
1) information or financial reports may contain material errors; or
2) the IS auditor may not detect an error that has occurred; or
3) It is also the level of risk an auditor is prepared to accept during an audit engagement
Audit Program should include?
Scope, audit objectives, audit procedures, & administrative details such as planning & reporting
Definition of Internal Controls
Internal controls are developed to provide reasonable assurance that a company’s business objectives will be achieved & undesired risk events will be prevented, detected & corrected.
Definition of Control Objectives
Control Objectives specify the minimum set of controls necessary to ensure efficiency & effectiveness. They determine how an internal control should function.
Definition of Control Procedures
Control Procedures are developed to provide reasonable assurance that specific objectives will be achieved
Audit Charter should be approved by?
Audit Committee
Primary purpose of IT Forensic Audit?
Systematic collection & analysis of evidence after a system irregularity. The evidence collected can then be used in judicial proceedings.
First step in IS audit planning phase
Development of risk assessment. This is to determine how internal audit resources should be allocated to ensure all material items are addressed.
What are the steps in the Risk Management Process?
1) Identify Business Objectives (BO)
2) Identify Information Assets supporting the BO
3) Perform Risk Assessment - Threats, Vulnerability & Impact
4) Risk Mitigation - map risk items with controls in place
What is attribute sampling?
Attribute sampling attempts to estimate the rate of occurrence of a specific quality (attribute) in a population & is used in compliance testing to confirm whether the quality exists. It is appropriate for testing true or false, correct or incorrect function questions.
Benefit of Control Self-Assessment (CSA)?
1) reinforces management’s ownership of internal controls
2) ensures that internal controls continue to enforce business objectives