CISA Domain 1 & 2: CISA Chapter 1 Common Terms and Definitions
Audit Charter - Ans document that states management's objectives for and delegation of
authority to IS audit. Should be approved at the highest levels of management, and should
outline the overall authority, scope, and responsibilities of the audit function. Should not
significantly change over time.
Engagement Letter - Ans a letter that formalizes the contract between the auditor and the
client and outlines the responsibilities of both parties; focused on a particular audit
exercise that is sought to be initiated in an organization with a specific objective in mind
Audit Plan - Ans A list of the audit procedures the auditors need to perform to gather
sufficient appropriate evidence on which to base their opinion on the financial statements;
consists of both short-term and long-term planning
Sarbanes-Oxley Act of 2002 - Ans Law that requires companies to maintain adequate
systems of internal control
Professional Independence - Ans In all matters related to the audit, the IS auditor should
be independent of the auditee in both attitude and appearance
Organizational Independence - Ans The IS audit function should be independent of the
area or activity being reviewed to permit objective completion of the audit assignment
Audit Risk - Ans the risk that information may contain a material error that may go
undetected during the course of the audit
Error Risk - Ans the risk of errors occurring in the area being audited
Information Technology Assurance Framework (ITAF) - Ans provides an integrated
process (involving technical and non-technical aspects) for developing and deploying IT
systems with intrinsic and appropriate security measures in order to meet the organization's
mission
General standards - Ans standards that establish the guiding principles under which the IT
assurance profession operates; they apply to the conduct of all assignments, and deal with
the IT audit and assurance professional's ethics, independence, objectivity and due care,
as well as knowledge, competency and skill
Performance standards - Ans standards that establish baseline expectations in the
conduct of IT assurance engagements; focused on the design of the assurance work, the
conduct of the assurance, the evidence required, and the development of assurance and audit
findings and conclusions
Reporting standards - Ans standards that address the types of audit reports, means of
communication, and information to be communicated at the conclusion of an audit
Risk analysis - Ans part of audit planning, and helps identify risks and vulnerabilities so the
IS auditor can determine the controls needed to mitigate those risks