Module 6: Audit Project Management Flashcards
What are the basic steps for managing and administering audit projects?
- Plan the audit engagement
- Build the Audit Plan
- Execute the plan
- Monitor Project Activity
Make a realistic estimates of the
time requirements for each task
with proper consideration given
to the _____ of the auditee
availability
What is the difference between control and audit objectives?
-Audit objectives refer to what you want to achieve in an audit
-Control objectives refer to how you want an internal control to function
Audit Objectives: An audit generally incorporates one objective (T or F)
False. Multiples
Audit Objectives: What is mostly the main focus of audit objectives?
To ensure that an internal control exists to minimize risk
To ensure that internal controls functions as expected
Audit Objectives: Audit management may give an IS auditor a general control objective to
review and evaluate when performing an audit. (T or F)
True
Audit Objectives: An is auditor must understand what?
How general audit objectives can be translated into specific IS control objective
Audit Objectives: What is one of the primary purpose of an IS audit
- To identify control objectives
- To identify the related controls that address these objectives
Audit Objectives: An IS auditor should identify both key ____after developing an understanding and documenting the business processes and the applications/functions that support
these processes and general support systems
general and application controls
Audit Phases - Planning: What are the steps in the planning phase of auditing?
- Determine the audit subject
- Determine the audit objective
- Identify the audit scope
- Perform Preaudit Planning
- Determine Procedures
Audit Phases - Planning: A ______ will help the IS auditor define a set of______ that is relevant to the
audit and further determine the ___________ necessary to evaluate different
technologies and their components
- clear scope
- testing points
- technical skills and resources
Audit Phases - Planning: What is done in order to finalize the scope of an audit plan?
Risk assessment
Audit Phases - Planning: In which step does the interviewee of the auditee about activities that should be included in the scope?
Perform preaudit planning
Audit Phases - Planning: What are the resources that can be identified once the subject, objective, and score are defined?
- Technical skills and resources
- Budget and effort
- Location or facilities to be audited
- Roles and responsibilities
- Time frame for stages of the audit
- Sources of information
- Points of contract for admin and logistics arrangement
- Communication plan
Audit Phases - Planning: What are the specific activities in the Audit procedures step of the planning phase?
- Identify departmental policies, standards, and guidelines
- Identify regulatory requirements
- Identify list of interviewees
- Identify methods (including tools)
- Develop audit tools and methodology for testing of controls
- Develop test scripts
- Develop criteria
- Define a methodology to evaluate the results and tests are accurate
term used to describe the audit
strategy and audit plans that
include scope, objectives,
resources, and procedures used
to evaluate a set of controls and
deliver an audit opinion
Audit program
What are the factors that affect and audit?
- Organizational goals
- Market Conditions
- Change in technology
- Changes in regulatory requirements
What are the general audit proc
- Obtaining and recording an understanding of the audit area/subject
- Creating a risk assessment and general audit plan and schedule
- Performing detailed audit planning that includes the necessary audit steps and a breakdown of the
work planned across an anticipated timeline - Doing a preliminary review of the audit area/subject
- Evaluating the audit area/subject
- Verifying and evaluating the appropriateness of controls designed to meet control objectives
- Conducting compliance testing (tests of the implementation of controls and their consistent
application) - Conducting substantive testing (confirming the accuracy of information)
- Reporting (communicating results)
- Following up in cases where there is an internal audit function
Audit Program: What are the skills needed?
- Understanding of the nature and industry
- Understanding of IT
- Understanding of the relationship between IT and Business Risk
- Understanding of different Testing Procedures
Audit Work Papers: The format and media of work papers have industry standard (T or F)
False. It varies depending on the needs of the department
Audit Work Papers: IS auditor should particularly consider what?
how to maintain:
1. integrity
2. protection
of audit test evidence
Can be considered the bridge between audit objectives and the final report?
Work Papers
Audit Work Papers: Work papers should provide a seamless transition—with ____ ____ ____ for the work
performed—from objectives to report and from report to objectives.
traceability and support
Audit Work Paper: Plans for the audit include the audit program (T or F)
True
