CISA Lecture Domain 11

  • 8/19/2019 CISA Lecture Domain 11

    3/30/16

    INTRODUCTION

    Md. Mushfiqur Rahman, CISA, ITIL-F, CEH, MCP, MCTS, MCITP, MCSA, MCSE, SCSA, CCNA, OCP 9i/10g/11g

    [email protected]

    Domain 1

    The Process of Auditing Information Systems (14%)

    Exam Relevance

    Ensure that the CISA candidate...

    Provide audit services in accordance with IT audit standards to assist the organization in protecting and controlling information systems.

    The content area in this chapter will represent approximately 14% of the CISA examination (approximately 28 questions).

    Task & Knowledge Statements

    Task and knowledge statements represent the

    Tasks, Objectives

    Audit Process Area, Tasks

    5 Tasks Statements:

    1.1 Develop and implement a risk-based IT audit strategy in compliance with IT audit standards to ensure that key areas are included.

    1.2 Plan specific audits to determine whether information systems are protected, controlled and provide value to the organization.

    1.3 Conduct audits in accordance with IS audit standards, guidelines and

    Process Area Knowledge Statements

    10 Knowledge Statements

    1.6 Knowledge of applica

    1.2 Management of IS Audit Function

    The audit function should

    1.2.3 Audit Planning (continued)

    Audit planning

    Short-term planning

    Long-term planning

    Things to consider

    New control issues

    Changing technologies

    Changing

    1.2.4 Effect of Laws and Regulations (continued)

    Regulatory requirements

    Esta

    1.2.4 Effect of Laws and Regulations

    Steps to determine compliance with external requirements:

    Identify external requirements

    Document pertinent laws and regulations

    Assess whether management and the IS function have considered the relevant external requirements

    Review internal IS department documents that address adherence to applica

    1.3 ISACA IT Audit and Assurance Standards and Guidelines

    As of 16 August 2010

    Standards (16)

    Guidelines 41 (G19 is cancelled)

    Procedures (11) / Audit and Assurance Tools & Technique

    Policy Standards Guidelines Procedure

    Definition: Standards Guidelines Procedure

    Standards define mandatory requirements for IT audit and assurance.

    Guidelines provide guidance in applying IT Audit and Assurance Standards. The o

    1.3.2 ISACA IT Audit and Assurance Standards Framework

    IS Auditing Standards: 16

    1. Audit charter

    2. Independence

    3. Professional Ethics and Standards

    4. Competence

    5. Planning

    6. Performance of audit work

    7. Reporting

    8. Follow

    Use of risk assessment in audit planning

    12. Audit Materiality

    13. Using the Work of Other Experts

    14. Audit Evidence

    15. IT Controls

    16. E

    1.3.3 ISACA IT Audit and Assurance Guidelines (continued)

    IS Auditing Guidelines: 41 (42 - 1 = 41, G19 is cancelled)

    G1 Using the Work of Other Auditors

    G2 Audit Evidence Requirement

    G3 Use of Computer Assisted Audit Techniques (CAATs)

    G4 Outsourcing of IS Activities to Other Organizations

    G5 Audit Charter

    G6 Materiality Concepts for Auditing Information Systems

    1 Septem Audit Planning Revised

    1.3.3 ISACA IT Audit and Assurance Guidelines (continued)

    G16 Effect of Third Parties on an Organization's IT Controls

    G17 Effect of Nonaudit Role on the IT Audit and Assurance Professional's Independence

    G18 IT Governance

    G19 Irregularities and Illegal Acts 1 July 2002. Withdrawn 1 September 2008

    G20 Reporting

    G21 Enterprise Resource Planning (ERP) Systems Review

    G22 Business-to-consumer (B2C) E-commerce Review

    G23 System Development Life Cycle (SDLC) Reviews

    G24 Internet Banking

    G25 Review of Virtual Private Networks

    G26 Business Process Reengineering (BPR) Project Reviews

    G27 Mo

    1.3.3 ISACA IT Audit and Assurance Guidelines

    G31 Privac

    G32 Business Continuity Plan (BCP) Review From IT Perspective

    G33 General Considerations on the Use of the Internet

    G34 Responsi

    1.3.4 ISACA IT Audit and Assurance Tools and Techniques

    IT Audit and Assurance Tools and Techniques: 11

    P1 IS Risk Assessment

    P2 Digital Signatures

    P3 Intrusion Detection

    P4 Viruses and other Malicious Code

    P5 Control Risk Self-assessment

    P6 Firewalls

    P7 Irregularities and Illegal Acts

    P8 Security Assessment - Penetration Testing and Vulnera

    IT Risk Assessment Quadrants

    Quadrant II (Medium Risk). Suggested Action(s): Accept, Mitigate, Transfer

    Quadrant I (High Risk). Suggested Action(s): Mitigate

    Quadrant IV (Low Risk). Suggested Action(s): Accept

    Quadrant III (Medium Risk). Suggested Action(s): Accept, Mitigate, Transfer

    Vulnera

    ISACA IS Auditing Standards and Guidelines

    ISACA Auditing Procedures

    Procedures developed

    1.5 Internal Control (continued)

    Internal Controls: Policies, procedures, practices and organizational structures implemented to reduce risks

    Internal Control (continued)

    Components of Internal Control System

    Internal accounting controls

    Operational controls

    Administrative controls

    Internal Control (continued)

    Internal Control O

    Internal Control (continued)

    Classification of Internal Controls

    Preventive controls

    Detective controls

    Corrective controls

    Internal Control (continued)

    IS Control Objectives: Control o

    Internal Control (continued)

    IS Control O

    Internal Control (continued)

    General Control Procedures (continued)

    apply to all areas of an organization and include policies and practices esta

    Internal Control (continued)

    General Control Procedures (continued)

    Internal accounting controls directed at accounting operations

    Operational controls concerned with the day-to-day operations

    Administrative controls concerned with operational efficiency and adherence to management policies

    Organizational logical security policies and procedures

    Overall policies for the design and use of documents and records

    Procedures and features to ensure authorized access to assets

    Physical security policies for a data center

    Internal Control (continued)

    IS Control Procedures

    Strategy and direction

    General organization and management

    Access to data and programs

    Systems development methodologies and change control

    Data processing operations

    Systems programming and technical support functions

    Data processing quality assurance procedures

    Physical access controls

    Business continuity/disaster recovery planning

    Networks and communications

    Data

    Definition of Auditing

    Systematic process

    Purpose of an Audit

    An audit is simply a review of past history. The IS auditor is expected to follow the defined audit process, esta

    Classification of audits:

    Financial audits

    Operational audits

    Integrated audits

    Administrative audits

    Information systems audits

    Specialized audits

    Forensic audits

    Audit Concept (continued...)

    The IS auditor should understand the various types of audits that can

    Audit Concept

    IS audits: This process collects and evaluates evidence to determine whether the information system and related resources adequately safeguard assets, maintain data and system integrity, provide relevant and relia

    Auditor's Responsi

    Comparing Audits to Assessments

    Audit: An audit generates a report considered to represent a high assurance of truth. Audits are used in asset reporting engagements.

    Assessment: An assessment is less formal and frequently more cooperative with the people/o

    Comparing Audits to Assessments

    Auditor: The auditor is the competent person performing the audit.

    Auditee: The organization and people

    Auditor's Independence

    Independent means that you are not related professionally, personally, or organizationally to the su

    Audit Programs

    Based on the scope and the o

    General audit procedures

    Understanding of the audit area/su

    Procedures for testing & evaluating IS controls

    Use of generalized audit software to survey the contents of data files

    Use of specialized software to assess the contents of operating system parameter files

    Flow-charting techniques for documenting automated applications and

    Typical audit phases

    1. Audit su

    Typical audit phases (Cont'd)

    5. Audit procedures and steps for data gathering

    Identify and select the audit approach

    Identify a list of individuals to interview

    Identify and o

    Typical audit phases (Cont'd)

    6. Procedures for evaluating test/review result

    7. Procedures for communication

    8. Audit report preparation

    Identify follow-up review procedures

    Identify procedures to evaluate/test operational efficiency and effectiveness

    Identify procedures to test controls

    Review and evaluate the soundness of documents, policies and procedures.

    Typical Audit Phases Summary

    Identify the area to be audited

    the purpose of the audit

    the specific systems, function or unit of the organization to be included in the review

    technical skills and resources needed

    the sources of information for tests or review, such as functional flowcharts, policies, standards, procedures and prior audit work papers

    locations or facilities to be audited

    select the audit approach to verify and test the controls

    list of individuals to interview

    obtain departmental policies, standards and guidelines for review

    Develop audit tools and methodology to test and verify control

    procedures for evaluating the test or review results

    procedures for communication with management

    Report

    follow

    Work Papers (WPs) (Cont'd)

    What are documented in WPs?

    Audit plans

    Audit programs

    Audit activities

    Audit tests

    Audit findings and incidents

    Work Papers

    Do not have to

    Audit Risk

    Audit risk is the risk that the information/financial report may contain material error that may go undetected during the audit.

    A risk

    Audit Risks: Types

    Inherent risk

    Control risk

    Detection risk

    Sampling risks

    Nonsampling risks

    Overall audit risk

    Business risks

    Technological risks

    Operational risks

    Residual risks

    Audit risks

    Audit Risks: Types

    Inherent risk: Inherent risk is the risk that an error exists in the a

    Audit Risks: Types

    Business risks: These are risks that are inherent in the

    Risk

    Materiality

    An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity

    Risk Assessment Techniques

    Ena

    Audit O

    Compliance vs. Su

    Evidence

    It is a requirement that the auditor's conclusions must

    Techniques for gathering evidence:

    Review IS organization structures

    Review IS policies and procedures

    Review IS standards

    Review IS documentation

    Interview appropriate personnel

    O

    Interviewing and O

    Sampling (continued)

    General approaches to audit sampling:

    Statistical sampling: An o

    Sampling (continued)

    Methods of sampling used

    Sampling (continued)

    Attribute Sampling

    Stop-or-go sampling: A sampling model that helps prevent excessive sampling of an attri

    Sampling (continued)

    Variable sampling

    Stratified mean per unit: A statistical model in which the population is divided into groups and samples are drawn from the various groups. Stratified mean sampling is used to produce a smaller overall sample size relative to unstratified mean per unit. Examples are teenagers from the ages of 13 to 19, people from the ages of 20 to 29, people from the ages of 30 to 39, and those who are male or female, smokers or nonsmokers, and so on.

    Un

    Statistical sampling terms: (contd.)

    Confidence coefficient

    Level of risk

    Precision

    Expected error rate

    Sample mean

    Sample standard deviation

    Tolera

    Statistical sampling terms:

    Sample mean: The sum of all sample values, divided

    Key steps in choosing a sample

    Determine the o

    Computer-Assisted Audit Techniques. Contd.

    CAATs ena

    Computer-Assisted Audit Techniques. Contd.

    Need for CAATs

    Evidence collection

    Functional capa

    Computer-Assisted Audit Techniques. Contd.

    Examples of CAATs used to collect evidence

    CAATs as a continuous online approach

    Computer-Assisted Audit Techniques. Contd.

    Development of CAATs

    Documentation retention

    Access to production data

    Data manipulation

    Evaluation of Strengths and Weaknesses

    Assess evidence

    Evaluate overall control structure

    Evaluate control procedures

    Assess control strengths and weaknesses

    Judging Materiality of Findings

    Materiality is a key issue

    Assessment requires judgment of the potential effect of the finding if corrective action is not taken

    Communicating Audit Results

    Exit interview

    Correct facts

    Realistic recommendations

    Implementation dates for agreed recommendations

    Presentation techniques

    Executive summary

    Visual presentation

    Audit report structure and contents

    An introduction to the report

    The IS auditor's overall conclusion and opinion

    The IS auditor's reservations with respect to the audit

    Detailed audit findings and recommendations

    A variety of findings

    Limitations to audit

    Statement on the IS audit guidelines followed

    Management Implementation of Recommendations

    Auditing is an ongoing process

    Timing of follow-up

    Audit Documentation

    Contents of audit documentation

    Custody of audit documentation

    Support of findings and conclusions

    Control Self-Assessment (CSA) Contd.

    The Primary o

    Control Self-Assessment (CSA) Contd.

    Implementation of CSA

    Facilitated workshops

    H

    Control Self-Assessment

    Benefits of CSA

    Early Detection of Risk

    More Effective and improved internal controls

    Highly Motivated Employee

    Improved Audit Rating process

    Assurance to Top Management and Stakeholders

    Disadvantages of CSA

    It may

    Control Self-Assessment

    IS Auditor's Role in CSAs: When CSA in place, auditors

    Emerging Changes in IS Audit Process

    New Topics:

    Automated Work Papers

    Integrated Auditing

    Continuous Auditing

    Automated Work Papers

    Controls over automated work papers:

    Access to work papers

    Audit trails

    Approvals of audit phases

    Security and integrity controls

    Backup and restoration

    Encryption for confidentiality

    Integrated Auditing

    process whereby

    Identification of relevant key controls

    Review and understanding of the design of key controls

    Testing that key controls are supported

    Continuous Auditing vs. Continuous Monitoring

    Continuous Monitoring

    Management-driven

    Based on automated procedures to meet fiduciary responsi

    Continuous Auditing

    Enabler for the Application of Continuous Auditing

    New information technology

    Increased processing capa

    IT Techniques in a Continuous Auditing Environment

    Transaction logging

    Query tools

    Statistics and data analysis (CAAT)

    Data

    A high degree of automation

    An automated and relia

    Practice Question

    Practice Questions (contd.)

    Answer is B. Accountants, auditors, and lawyers act on

    Q: What are the different types of audits?

    A. Forensic, accounting, verification, regulatory

    B. Integrated, operational, compliance, administrative

    C. Financial, SAS, compliance, administrative

    D. Information systems, SAS-70, regulatory, procedural

    Practice Questions (contd.)

    Answer is B. All of the audit types are valid except procedural, SAS, verification, and regulatory. The valid audit types are financial, operational (SAS-70), integrated (SAS-94), compliance, administrative, forensic, and information systems. A forensic audit is used to discover information a

    Practice Question

    Practice Questions (contd.)

    Q:

    Answer is A. A final opinion is

    Practice Questions (contd.)

    Q: Which of the following BEST describes the early stages of an IS audit?

    A. O

    1-1 C: Understanding the

    Q: In performing a risk-based audit, which risk assessment is completed initially by the IS auditor?

    A. Detection risk assessment

    B. Control risk assessment

    C. Inherent risk assessment

    D. Fraud risk assessment

    Answer

    1-2 C: Inherent risks exist independent of an audit and can occur

    Q: While developing a risk-based audit program, on which of the following would the IS auditor MOST likely focus?

    A. Business processes

    B. Critical IT applications

    C. Operational controls

    D. Business strategies

    Practice Questions (contd.)

    Q: Which of the following types of audit risk assumes an absence of compensating controls in the area being reviewed?

    A. Control risk

    B. Detection risk

    C. Inherent risk

    D. Sampling risk

    Answer

    1-4 C: The risk of an error existing that could

    Q: An IS auditor performing a review of an application's controls finds a weakness in system software that could materially impact the application. The IS auditor should:

    A. disregard these control weaknesses since a system software review is

    1-5 D: The IS auditor is not expected to ignore control weaknesses just

    Q: The PRIMARY use of generalized audit software (GAS) is to:

    A. test controls em

    1-6 C: Generalized audit software facilitates direct access to and interrogation of the data

    Q: Which of the following is MOST effective for implementing a control self-assessment (CSA) within business units?

    A. Informal peer reviews

    B. Facilitated workshops

    C. Process flow narratives

    D. Data flow diagrams

    Answer

    1-7 B: Facilitated workshops work well within

    Q: The FIRST step in planning an audit is to:

    A. define audit delivera

    Answer

    1-8 C: The first step in audit planning is to gain an understanding of the

    Q: The approach an IS auditor should use to plan IS audit coverage should be based on:

    A. risk.

    B. materiality.

    C. professional skepticism.

    D. sufficiency of audit evidence.

    Answer

    1-9 A: Standard S5, Planning, esta

    Q: A company performs a daily backup of critical data and software files and stores the backup tapes at an offsite location. The backup tapes are used to restore the files in case of a disruption. This is a:

    A. preventive control.

    B. management control.

    C. corrective control.

    D. detective control.

    Answer

    1-10 C: A corrective control helps to correct or minimize the impact of a pro

    Question & Answer

    THIS IS A COMFORTABLE POINT TO SAY

    THANK YOU AND BEST OF LUCK