CISA Certification: Key Concepts in Auditing Process, Exams of Business Economics

This document provides a concise overview of auditing information systems and technology, defining key terms and differentiating between IS and IT. It covers audit planning, including short-term and long-term considerations, the audit universe, and legal requirements. Risk analysis, internal controls, and audit types like compliance, financial, and operational audits are explored. Risk management strategies, including mitigation, acceptance, avoidance, and transfer, are also addressed. This resource is useful for students and professionals in IT audit and compliance, offering a structured approach to understanding core principles and processes. It's valuable for grasping IT governance and risk management fundamentals and for those preparing for CISA certification.

Typology: Exams

2024/2025

Available from 05/23/2025

locaz-turus-1

CISA Certification - Chapter 1 Auditing Process
Audit Function correct answer Ensures that the diverse tasks performed and achieved by the audit team will fulfill objectives, while preserving audit independence and competence.
Information Systems correct answer The combination of strategic, managerial, and operational activities involved in gathering, processing, storing, distributing and using information and its related technologies.
Information Technology correct answer The hardware, software, communication and other facilities used to input, store, process, transmit and output data in whatever form.
IS vs. IT correct answer Information System has an IT component that interacts with the process components.
IS Audit correct answer The formal examination, interview and/or testing of information systems determining IS compliance, IS data and info appropriate levels of CIA, and IS operations are efficient and excellent.
Audit Charter correct answer An overarching document that covers the entire scope of audit activities in an entity.
Engagement Letter correct answer Focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind.
Short-term Audit Planning correct answer Takes into account audit issues that will be covered during the year.
Long-term Audit Planning correct answer Takes into account risk-related issues regarding changes in the organization's IT strategic direction that will affect the organization's IT environment.

Audit Universe correct answer Lists all of the processes that may be considered for audit.
Legal Requirements correct answer Law, regulatory and contractual agreements placed on audit or IS audit, and legal requirements placed on the auditee and its systems, data management, reporting, etc. This impacts the audit scope and audit objectives.
Legal Issues correct answer Impact the organization's business operations in terms of compliance with ergonomic regulations, HIPAA, Protection of Personal Data Directives and Electronic Commerce within the European Community, and fraud prevention within banking organizations.
Standards correct answer To be followed by the IS auditor.
Guidelines correct answer Provide assistance on how the auditor can implement standards in various audit assignments.
Tools and techniques correct answer Not intended to provide exhaustive guidance to the auditor when performing an audit. Provide examples of steps the auditor may follow in specific audit assignments to implement the standards.
Risk Analysis correct answer Part of audit planning and helps identify risk and vulnerabilities so the IS auditor can determine the controls needed to mitigate risk.
Risk correct answer The combination of the probability of an event and its consequence. Adverse impact(s) that could occur to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations due to the potential for unauthorized access, use, disclosure, disruption, modification, or destruction of information and/or information systems.

Substantive Testing correct answer Assessing the integrity of financial reporting data.
Compliance Audits correct answer Tests to demonstrate adherence to specific regulatory or industry standards.
Financial Audits correct answer Assess the accuracy of financial reporting. Involve detailed, substantive testing. Relates to financial information integrity and reliability.
Operational Audits correct answer Evaluate the internal control structure in a given process or area. Application controls or logical security systems.
Integrated Audits correct answer Combines financial and operational audit steps. Assesses the overall objectives within an organization, related to financial information and assets' safeguarding, efficiency and compliance. Performed by external or internal auditors and would include compliance tests of internal controls and substantive audit steps.
Administrative Audits correct answer Assess issues related to the efficiency of operational productivity within an organization.
IS Audits correct answer Collects and evaluates evidence to determine whether the information systems and related resources adequately safeguard assets, maintain data and system integrity and availability, provide relevant and reliable information, achieve organizational goals effectively, consume resources efficiently and have, in effect, internal controls that provide reasonable assurance that business, operational and control objectives will be met and that undesired events will be prevented, or detected and corrected, in a timely manner.
Specialized Audits correct answer Specialized reviews examining areas such as services performed by third parties.

Forensic Audits correct answer Specialized in discovering, disclosing and following up on fraud and crimes. The purpose is the development of evidence for review by law enforcement and judicial authorities.
Computer Forensic Investigation correct answer The analysis of electronic devices such as computers, smartphones, disks, switches, routers, hubs and other electronic equipment.
Audit Risk correct answer The risk that information may contain a material error that may go undetected during the course of the audit.
Inherent Risk correct answer The risk level or exposure of the process/entity to be audited without taking into account the controls that management has implemented. Exists independent of an audit and can occur because of the nature of the business.
Control Risk correct answer The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls.
Detection Risk correct answer The risk that material errors or misstatements that have occurred will not be detected by the IS auditor.
Overall Audit Risk correct answer The probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred. Limit the audit risk in the area under scrutiny so the overall audit risk is at a sufficiently low level at the completion of the examination.
Statistical Sampling Risk correct answer The risk that incorrect assumptions are made about the characteristics of a population from which a sample is selected.
Risk Assessment correct answer Identifies, quantifies, and prioritizes risk against criteria for risk acceptance and objectives relevant to the organization.

Compliance Test correct answer Determines whether controls are being applied in a manner that complies with management policies and procedures.
Substantive Test correct answer Substantiates the integrity of actual processing. Provides evidence of the validity and integrity of the balances in the financial statements and the transactions that support these balances.
Evidence correct answer Any information used by the IS auditor to determine whether the entity or data being audited follows the established criteria or objectives and supports audit conclusions.
Audit Judgement correct answer Used to determine when sufficiency is achieved in the same manner that is used to determine the competency of evidence.
Reviewing IS organization structures, Reviewing IS policies and procedures, Reviewing IS standards, Reviewing IS documentation, Interviewing appropriate personnel, Observing process and employee performance, Reperformance, Walk-throughs correct answer Techniques for gathering evidence?
Inquiry, Observation, Inspection, Confirmation, Performance, Monitoring correct answer Procedures to gather audit evidence?
Actual function Actual processes/procedures Security Awareness Reporting relationships Observation drawback correct answer Observing personnel identifies?
Actual Function correct answer Ensures that the individual who is assigned and authorized to perform a particular function is the person who is actually doing the job.
Actual Processes/Procedures correct answer Gain evidence of compliance and observe deviations.
Security Awareness correct answer Observed to verify an individual's understanding and practice of good preventive and detective security measures to safeguard the company's assets and data.
Reporting Relationship correct answer Observed to ensure that assigned responsibilities and adequate segregation of duties are being practiced.
Sampling correct answer Used when time and cost considerations preclude a total verification of all transactions or events in a predefined population. Used to infer characteristics about a population based on the characteristics of a sample.
Population correct answer Consists of the entire group of items that need to be examined.
Sample correct answer The subset of population members used to perform testing.

Stratified Mean per Unit, Unstratified Mean per Unit, Difference Estimation correct answer Variable Sampling types?
Variable Sampling correct answer A technique used to estimate the monetary value or some other unit of measure (such as weight) of a population from a sample portion.
Stratified mean per unit correct answer A statistical model in which the population is divided into groups and samples are drawn from the various groups; used to produce a smaller overall sample size relative to unstratified mean per unit.
Unstratified mean per unit correct answer A statistical model in which a sample mean is calculated and projected as an estimated total.
Difference Estimation correct answer A statistical model used to estimate the total difference between audited values and book (unaudited) values based on differences obtained from sample observations.
Level of Risk correct answer Equal to one minus the confidence coefficient.
Precision correct answer Represents the acceptable range difference between the sample and the actual population. The higher the precision amount, the smaller the sample size and the greater the risk of fairly large total error amounts going undetected. A very low precision level may lead to an unnecessarily large sample size.
Expected Error Rate correct answer An estimate stated as a percent of the errors that may exist. The greater the expected rate, the greater the sample size.
Sample Mean correct answer The sum of all sample values, divided by the size of the sample. Measures the average value of the sample.

Sample Standard Deviation correct answer Computes the variance of the sample values from the mean of the sample. Measures the spread or dispersion of the sample values.
Tolerable Error Rate correct answer Describes the maximum misstatement or number of errors that can exist without an account being materially misstated. Used for the planned upper limit of the precision range for compliance testing.
Population Standard Deviation correct answer Measures the relationship to the normal distribution. The greater it is, the larger the sample size.
GAS correct answer Standard software that has the capability to directly read and access data from various database platforms, flat-file systems and ASCII formats.
File Access correct answer Enables the reading of different record formats and file structures.
File Recognition correct answer Enables indexing, sorting, merging and linking with another file.
Data Selection correct answer Enables global filtration conditions and selection criteria.
Statistical Functions correct answer Enables sampling, stratification and frequency analysis.
Arithmetical Functions correct answer Enables arithmetic operators and functions.
Executive Summary correct answer An easy-to-read concise report that presents findings to management in an understandable manner. Written in a business perspective, because detailed attachments should be used to record the technical corrections for operations management.
Visual Presentation correct answer May include slides or computer graphics.

Continuous Assurance correct answer When both continuous monitoring and auditing take place, this can be established.