Standards and Guidelines for IS Auditing (ISACA).


ISACA IS Auditing Standards

• The specialized nature of information systems auditing and the skills and knowledge necessary to perform such audits require globally applicable standards that pertain specifically to information systems auditing

• One of ISACA's functions is to provide information to support knowledge requirements


The objectives of the ISACA IS Auditing Standards are to inform:

• Information systems auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the Code of Professional Ethics for information systems auditors

• Management and other interested parties of the profession’s expectations concerning the work of audit practitioners


The framework of ISACA

• Standards define mandatory requirements for IS auditing and reporting

• Guidelines provide guidance in applying IS Auditing Standards. The IS auditor should consider them in determining how to achieve implementation of the above standards, use professional judgment in their application and be prepared to justify any departure

• Procedures provide examples of procedures an IS auditor might follow in an audit engagement. The procedure documents provide information on how to meet the standards when completing information systems auditing work, but do not set requirements


ISACA Auditing Standards

• Audit Charter

• Independence

– Professional Independence

– Organisation Independence

• Professional Ethics and Standards

• Professional Competence

• Planning


• Performance of Audit Work

• Reporting

• Follow Up Activities

• Irregularities and Illegal Acts


ISACA IS Auditing Procedures

• Procedures developed by the ISACA Standards Board provide examples of possible processes an IS auditor might follow in an audit engagement.

• In determining the appropriateness of any specific procedure, IS auditors should apply their own professional judgment to the specific circumstances. The procedure documents provide information on how to meet the standards when performing IS auditing work, but do not set requirements.


Relationship Between Standards, Guidelines and Procedures

• Standards defined by ISACA are to be followed by the IS auditor. Guidelines provide assistance on how the auditor can implement standards in various audit assignments. Procedures provide examples of steps the auditor may follow in specific audit assignments so as to implement the standards. However, the IS auditor should use professional judgment when using guidelines and procedures.


IS Auditing Practices and Techniques

• Internal Control

• Performing an IS audit

• Audit Programs

• Audit Methodologies

• Audit Objectives

• Computer Assisted Audit Techniques

• Communicating Audit Results

• Audit Documentation


Audit Methodologies

• Audit subject

• Audit objective

• Audit scope

• Preaudit planning

• Audit procedures and steps for data gathering


• Procedures for evaluating the test or review results

• Procedures for communication with management

• Audit report preparation