CISA Domain 1 Exam Important Points Part 1

Some key areas that you must review once you complete Domain 1 of CISA. Some important statements that I have documented from Part 1 of Domain 1, which is PLANNING. Part 2, the EXECUTION section, I will document by the end of this month.

1. IS audit is the formal examination of information systems to DETERMINE whether information systems comply with applicable laws, regulations, contracts and/or industry guidelines.
2. IS auditors must FIRST understand and be able to evaluate the business processes of the organization they are auditing.
   1. This includes testing and evaluation of controls.
3. Business process owner:
   1. Responsible for identifying process requirements
   2. Approving process design
   3. Managing process performance
   4. Committing resources to process-specific risk management activities
4. IS INTERNAL AUDIT FUNCTION
   1. Audit charter
      1. The responsibility, authority and accountability of the IS audit function should be appropriately documented in an audit charter.
      2. The audit charter is approved by the audit committee.
5. An IS auditor must be technically competent, having the skills and knowledge necessary to perform audit work.
6. Audit planning is conducted at the beginning of the audit process to establish the overall audit strategy and detail the specific procedures.
   1. The audit plan includes all of the processes that are rated "high," which would represent the ideal annual audit plan.
7. EFFECT OF LAWS AND REGULATIONS ON IS AUDIT PLANNING
   1. There are two major areas of concern that impact the audit and the audit scope:
      1. Legal requirements placed on the audit
      2. Legal requirements placed on the auditee and its data
8. Good controls are the ones set and designed into the business application that supports the processes.
   1. Controls may be a combination of management, programmed and manual controls.
   2. To EFFECTIVELY audit business application systems, an IS auditor must obtain a clear understanding of the application system under review.
9. Controls
   1. An effective control is one that prevents, detects and/or limits an incident and enables recovery from a risk event.
   2. Controls are implemented to reduce risk to the organization.
   3. The board of directors and senior management are responsible for establishing the appropriate culture to facilitate an effective and efficient internal control system.
   4. Internal controls are directed at business or operational objectives.
   5. Control objectives are narratives of the desired result.
      1. Control objectives must cover effectiveness and efficiency of operations.
   6. An IS auditor analyzes evidence gathered throughout the audit to determine if the operations analyzed are well controlled and effective.
   7. A control matrix is usually used in assessing the proper level of controls.
   8. An IS auditor should be aware of compensating controls in areas where controls have been identified as weak.
      1. A compensating control situation occurs when one stronger control supports a weaker one; overlapping controls are two strong controls.
10. RISK-BASED AUDIT PLANNING
   1. Effective risk-based auditing uses risk assessment to make the audit plan and minimize the audit risk during the execution of an audit.
   2. A risk-based audit methodology efficiently helps an IS auditor in determining the nature and extent of testing.
   3. The auditor needs to understand the business; based on that, they can identify and categorize the types of risk.
   4. Risk assessment can be a scheme where risk has been given elaborate weights based on the nature of the business.
   5. Audit risk
      1. Inherent risk = risk before controls
      2. Residual risk = risk left after implementing controls
      3. Detection risk = risk that the auditor is unable to identify an issue
      4. Control risk = controls are ineffective
      5. Audit risk = inherent risk x control risk x detection risk
   6. When preparing the overall information system audit plan, a suitable risk assessment approach should be followed.
11. Effective risk assessment should be an ongoing process in an organization.
12. Types of audit
   1. Information system audit = evaluates information systems
   2. Compliance audit = evaluates against regulatory or industry-specific standards
   3. Financial audit = accuracy of financial reporting
   4. Operational audit = internal controls in a given process
   5. Specialized audit = examines areas such as fraud or services performed by third parties:
      1. Third-party service audit
      2. Fraud audit
      3. Forensic audit
   6. Computer forensic audit = investigation of electronic devices
   7. Functional audit = verifying configuration items
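The weighted risk-assessment scheme from item 10 and the "rated high goes into the annual plan" rule from item 6, carried through as an added Python example that is not part of these notes: constructed factor weights and process scores rank the processes, the "high" ones form the plan, and the audit risk model is rearranged to give the detection risk the audit testing must achieve. All factor names, weights, thresholds and process scores are assumptions made up for the illustration.

```python
# Added example, not from the notes: weighted risk scoring of business
# processes, annual plan from the "high" ones, and AR = IR x CR x DR solved
# for detection risk. Factors, weights, thresholds and scores are constructed.

# Risk factors and weights (constructed; weights sum to 1.0)
WEIGHTS = {"financial_impact": 0.4, "regulatory_exposure": 0.3,
           "change_since_last_audit": 0.2, "time_since_last_audit": 0.1}

# Constructed sample processes; factors scored 1 (low) to 5 (high), in WEIGHTS order
PROCESSES = {
    "Payroll":             (5, 4, 2, 3),
    "Customer onboarding": (3, 5, 4, 2),
    "Vendor payments":     (4, 3, 3, 1),
    "Backup operations":   (3, 2, 1, 4),
    "Internal wiki":       (1, 1, 2, 5),
}

def weighted_score(factor_scores):
    """Weighted risk score on the 1..5 scale (rounded to remove float noise)."""
    return round(sum(s * w for s, w in zip(factor_scores, WEIGHTS.values())), 2)

def rating(score):
    """Map a weighted score to high / medium / low (constructed thresholds)."""
    if score >= 3.5:
        return "high"
    return "medium" if score >= 2.5 else "low"

def annual_audit_plan(processes=PROCESSES):
    """Processes rated 'high', highest score first: the ideal annual plan."""
    scored = {name: weighted_score(f) for name, f in processes.items()}
    high = [n for n, s in scored.items() if rating(s) == "high"]
    return sorted(high, key=lambda n: scored[n], reverse=True)

def required_detection_risk(audit_risk, inherent_risk, control_risk):
    """Solve AR = IR x CR x DR for DR, the detection risk the testing may leave.
    A lower result means more extensive substantive testing is needed."""
    if not (0 < inherent_risk <= 1 and 0 < control_risk <= 1):
        raise ValueError("inherent and control risk must be in (0, 1]")
    return round(audit_risk / (inherent_risk * control_risk), 4)

if __name__ == "__main__":
    for name, f in PROCESSES.items():
        s = weighted_score(f)
        print(f"{name:<20} score={s:.2f} rating={rating(s)}")
    print("Annual audit plan:", annual_audit_plan())
    # Accept 5% audit risk on a process with high inherent risk and weak controls
    print("Required detection risk:", required_detection_risk(0.05, 0.8, 0.5))
```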
