Summary ISACA : Information Systems Auditing: Tools and Techniques Creating Audit Programs
2 views 0 purchase
Course
ISACA
Institution
ISACA
TABLE OF CONTENTS
Introduction...................................................................................................................................................................3
Purpose of This Publication..............................................................................
Information
Systems Auditing:
Tools and Techniques
Creating Audit Programs
Abstract
Information systems audits can provide a multitude of benefits to an enterprise by ensuring the effective, efficient, secure and reliable
operation of the information systems so critical to organizational success. The effectiveness of the audit depends, in large part, on the
quality of the audit program.
,Information Systems Auditing: Tools and Techniques—Creating Audit Programs Table of Contents
TABLE OF CONTENTS
Introduction...................................................................................................................................................................3
Purpose of This Publication.........................................................................................................................................3
Audience......................................................................................................................................................................3
Scope and Approach....................................................................................................................................................3
Terminology..................................................................................................................................................................4
The Audit Process..........................................................................................................................................................5
Audit and Assurance Programs.....................................................................................................................................8
Objectives of Developing Audit and Assurance Programs..........................................................................................8
Minimum Skills to Develop an Audit and Assurance Program................................................................................... 9
Steps to Develop an Audit and Assurance Program.................................................................................................... 9
Appendix A—List of Resources...................................................................................................................................16
ISACA Resources......................................................................................................................................................16
Additional Resources..................................................................................................................................................16
, Information Systems Auditing: Tools and Techniques—Creating Audit Programs Introduction
INTRODUCTION
Organizations undertake audits for many reasons. An audit can help the enterprise ensure effective operations and
attest to its compliance with administrative and legal regulations. It can confirm for management that the business
is functioning well and is prepared to meet potential challenges. Perhaps most important, it can assure stakeholders
of the financial, operational and ethical well-being of the organization. Information systems (IS) audits support all
those outcomes, with a special focus on the information and related systems upon which most businesses and public
institutions depend for competitive advantage.
Achievement of the many benefits that can accrue to an effective audit depends on proper and thorough planning of
the audit engagement. The scope and the objective of the audit must be understood and accepted by both the auditor
and the area being audited. Once the purpose for the audit is clearly defined, the audit plan can be created, which
will encapsulate the agreed scope, objectives and procedures needed to obtain evidence that is relevant, reliable and
sufficient to draw and support audit conclusions and opinions.
An important component of the audit plan is the audit program, also known as work program. The audit program
is commonly used to document the specific procedures and steps that will be used to test and verify control
effectiveness. The quality of the audit program has a significant impact on the consistency and quality of the audit
results, so it is imperative that IS auditors understand how to develop comprehensive audit programs.
Purpose of This Publication
The purpose of this publication is to provide a basic understanding of the steps necessary to develop comprehensive
audit programs that clearly and consistently document the procedures that will be used to test controls and gather
supporting data. This guide is also intended to help audit/assurance professionals develop audit programs that
comply with generally accepted audit standards, especially those issued by ISACA,1 the Public Company Accounting
Oversight Board (PCAOB),2 the Institute of Internal Auditors (IIA),3 and the American Institute of Certified Public
Accountants (AICPA).4
This publication is not intended to provide technical guidance on how to audit specific technologies.
Audience
This guide is intended primarily for IS and non-IS audit/assurance professionals who need to gain an understanding
about the process to develop audit programs for IS audit engagements. This guide is also beneficial for
audit/assurance professionals who wish to enhance their skills in developing IS audit programs.
Scope and Approach
This publication is intended to provide practical guidance to develop audit programs from the ground up. The guide
has been organized into three main areas:
• Audit process overview
• Steps to develop an audit program
• List of resources
In addition, other audit program resources are available from ISACA at www.isaca.org/creating-audit-programs,
including a Sample Audit Program document and an Infographic—Step-by-Step Audit Plan Activities.
1
ISACA, ITAFTM: A Professional Practices Framework for IS Audit/Assurance, 3rd Edition, USA, 2014,
www.isaca.org/Knowledge-Center/ITAF-IS-Assurance-Audit-/Pages/default.aspx
2
PCAOB, General Audit Standards, AS 2101: Audit Planning, USA, 2015, http://pcaobus.org/Standards/Auditing/Pages/AS2101.aspx
3
The IIA, International Standards for the Professional Practice of Internal Auditing (Standards), USA, revised 2012,
https://na.theiia.org/standards-guidance/Public%20Documents/IPPF%202013%20English.pdf
4
AICPA, Due Professional Care in the Performance of Work, AU-C Section 300, Planning an Audit, USA, 2015,
www.aicpa.org/Research/Standards/AuditAttest/DownloadableDocuments/AU-C-00300.pdf
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller THEEXCELLENCELIBRARY. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.49. You're not tied to anything after your purchase.