Back to Blog
This cookie is set by GDPR Cookie Consent plugin. These cookies ensure basic functionalities and security features of the website, anonymously. ISACA also offers Cybersecurity Nexus (CSX), a holistic cybersecurity resource, and COBIT, a business framework to govern enterprise technology.įacebook: Necessary cookies are absolutely essential for the website to function properly. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA ( ) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. “Creating Audit Programs” and supporting materials, including a related infographic and sample audit program, are available as a free download at programs. “Creating Audit Programs” indicates three key success elements: IS auditors should be familiar with standard frameworks, the operating environment of the entity under review and the audit process used internally. Once planning is complete, auditors can move on to the fieldwork and documentation phase (acquiring data, testing controls, issue discovery and validation, documenting results) and the reporting phase (gathering report requirements, drafting the report, issuing the report and follow-up), both of which are described in detail in ISACA’s “Information Systems Auditing Tools and Techniques: IS Audit Reporting” paper. The final planning step-determining audit procedures and steps for data gathering-involves activities such as obtaining departmental policies for review, developing methodology to test and verify controls and developing test scripts plus criteria to evaluate the test. Pre-audit planning includes tasks such as conducting a risk assessment, identifying regulatory compliance requirements and determining the resources that will be needed to perform the audit. Setting the audit scope is critical, according to the white paper, because “the IS auditor will need to understand the IT environment and its components to identify the resources that will be required to conduct a comprehensive evaluation.” A clear scope helps the auditor determine the testing points relevant to the audit’s objective. ISACA’s new guide can be leveraged in your organization to add value to the audit function.” “Audit processes are clearly defined by phase with activities clearly described. Amato, CMA, CISA, a director on ISACA’s Board and Director, Deloitte Accountant B.V. “ISACA’s new white paper provides audit and assurance professionals with practical guidance on how to develop audit programs from the ground up,” said Rosemary M. Determine audit procedures and steps for data gathering.
0 Comments
Read More
Leave a Reply. |