Domain 1: Part 2 (Audit Evidence Collection Techniques)

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/8

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

9 Terms

1
New cards

Evidence

  • any information used by an IS auditor to determine whethe rthe entity or data being audited follows the established criteria or objectives and supports audit conclusions

  • includes

    • is auitors observations

    • notes taken from interviews

    • results of independence confirmations

    • materak extracted from correspondence with external partners

    • results of audit test procedures

  • is auditor must focus on the objectives of the audit and not on the nature of this

  • considered competent when it is both valid and relevant

2
New cards

Reliability of audit

Determined by

  • independence and qualifications of the evidence provider

  • objectivity and timing of the evidence

3
New cards

Reviewing IS

Techniques for Gathering Evidence

  • organization structures

    • assess the level of control the org provides

  • policies and procedures

    • verify that management assumes full responsibility for creation and controlling policies containing general aims and directives

  • standard

    • understand the existing standards in place

  • documentation

    • first step in doing this is to understand existing documentation in place

    • documentation can be a hard copy or stored electronically

      • controls to preserve this should evaluated

4
New cards

Interview appropriate personnel

Techniques for Gathering Evidence

  • interview form + checklist is a good approach

  • personnel interviews are discovery in nature and should never be accusatory

5
New cards

Observe process and employee performance

Techniques for Gathering Evidence

  • audit report may not be timely and so the use of interim report

  • documentary evidence may be considered

6
New cards

Reperformance

Techniques for Gathering Evidence

  • provides better evidence than other techniques

  • used when combination of inquiry, observation, and examination of evidence does not suffice

7
New cards

Walk-through

Techniques for Gathering Evidence

  • confirm the understanding of controls

8
New cards

Interviews and observation

Doing this at personnel in the performance of their duties assists an IS auditor in identifying

  • actual functions

    • confirms that the individual assigned to perform a function is actually the one doing the job. witnesses how policies are being understood and practiced

  • actual processes/procedures

    • performing a walkthrough of processes allows the obtaining evidence of compliance and observe deviations. useful for physical controls

  • security awareness

    • this should be observed to determine individuals understanding of good preventative and detective security measures

  • reporting relationships

    • should be observed to ensure that assigned responsibilities and SoD are being practiced

  • observation drawbacks

    • observer may interfere with the observed environment. personnel notice they are being interviewed and changes behavior

9
New cards