Standards and Guidelines for IS Auditing (ISACA)

ISACA IS Auditing Standards
• The specialized nature of information systems auditing, and the skills and knowledge necessary to perform such audits, require globally applicable standards that pertain specifically to information systems auditing
• ISACA's function is to provide information to support the knowledge requirement

The objectives of the ISACA IS Auditing Standards are to inform:
• Information systems auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the Code of Professional Ethics for information systems auditors
• Management and other interested parties of the profession's expectations concerning the work of audit practitioners

The framework of ISACA
• Standards define mandatory requirements for IS auditing and reporting
• Guidelines provide guidance in applying IS Auditing Standards. The IS auditor should consider them in determining how to achieve implementation of the above standards, use professional judgment in their application and be prepared to justify any departure
• Procedures provide examples of procedures an IS auditor might follow in an audit engagement. The procedure documents provide information on how to meet the standards when completing information systems auditing work, but do not set requirements

ISACA Auditing Standards
• Audit Charter
• Independence
  – Professional Independence
  – Organisation Independence
• Professional Ethics and Standards
• Professional Competence
• Planning
• Performance of Audit Work
• Reporting
• Follow Up Activities
• Irregularities and Illegal Acts

ISACA IS Auditing Procedures
• Procedures developed by the ISACA Standards Board provide examples of possible processes an IS auditor might follow in an audit engagement.
• In determining the appropriateness of any specific procedure, IS auditors should apply their own professional judgment to the specific circumstances.
• The procedure documents provide information on how to meet the standards when performing IS audit work, but do not set requirements.

Relationship Between Standards, Guidelines and Procedures
• Standards defined by ISACA are to be followed by the IS auditor. Guidelines provide assistance on how the auditor can implement standards in various audit assignments. Procedures provide examples of steps the auditor may follow in a specific audit assignment so as to implement the standards. However, the IS auditor should use professional judgment when using guidelines and procedures.

IS Auditing Practices and Techniques
• Internal Control
• Performing an IS audit
• Audit Programs
• Audit Methodologies
• Audit Objectives
• Computer Assisted Audit Techniques
• Communicating Audit Results
• Audit Documentation

Audit Methodologies
• Audit subject
• Audit objective
• Audit scope
• Preaudit planning
• Audit procedures and steps for data gathering
• Procedures for evaluating the test or review results
• Procedures for communication with management
• Audit report preparation