南審培訓(xùn)錄音2007chap1_第1頁
南審培訓(xùn)錄音2007chap1_第2頁
南審培訓(xùn)錄音2007chap1_第3頁
南審培訓(xùn)錄音2007chap1_第4頁
南審培訓(xùn)錄音2007chap1_第5頁
已閱讀5頁,還剩76頁未讀 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡介

CISAReviewCourse

Chapter1

TheISAuditProcessProcessAreaOverviewIntroductionISACAstandardsandguidelinesforISauditingRiskanalysisInternalcontrolsPerforminganISauditControlselfassessmentEmergingchangesintheISauditprocessProcessAreaObjective

EnsurethattheCISAcandidate…

”HastheknowledgenecessarytoconductISauditsinaccordancewithgenerally-acceptedinformationsystemsauditstandardsandauditguidelinestoprovideastatementofassurancethattheorganization’sITandbusinesssystemsareadequatelycontrolled,monitoredandassessed"ProcessAreaSummary

AccordingtotheCertificationBoard,

thisProcessAreawillrepresentapproximately

10%

oftheCISAexamination

(approximately20questions).1.1IntroductionOrganizationoftheISAuditFunctionISAuditResourceManagementAuditPlanningShortandlongtermplanningIndividualassignmentplanningLawsandRegulations1.1IntroductionOrganizationoftheISAuditFunctionAuditCharter1.1IntroductionAuditResourceManagementISauditorsarelimitedresourcesAppropriateskillsandknowledgeConstraintsontheconductoftheauditProjectmanagementtechniques1.1IntroductionAuditPlanningAdequateplanningisanecessaryfirststepinperformingeffectiveITAuditsNeedtounderstandthegeneralbusinessenvironmentaswellastheassociatedbusinessandcontrolrisksAssessoperationalandcontrolrisksandidentifycontrolobjectivesduringauditplanning1.1IntroductionLawsandRegulationsRegulatoryrequirementsEstablishmentOrganization ResponsibilitiesCorrelationtofinancialand operationalauditfunctions1.1IntroductionLawsandRegulationsStepstodetermineanorganization’slevelofcompliancewithexternalrequirements:IdentifygovernmentorotherrelevantexternalrequirementsDocumentpertinentlawsandregulationsAssesswhetherthemanagementoftheorganizationandtheinformationsystemsfunctionhaveconsideredtherelevantexternalrequirementsinmakingplansandinsettingpolicies,standardsandprocedures.Reviewinternalinformationsystemsdepartment/function/activitydocumentsthataddressadherencetolawsapplicabletotheindustry.Determineadherencetoestablishedproceduresthataddresstheserequirements.1.2ISACAStandardsandGuidelinesforISAuditingISACACodeofProfessionalEthicsISACAStandardsforISAuditingISACAGuidelinesforISAuditing1.2ISACAStandardsandGuidelinesforISAuditing

TheAssociation’sCodeofProfessionalEthicsprovidesguidancefortheprofessionalandpersonalconductofmembersoftheAssociationand/orholdersoftheCISAdesignation.ISACACodeofProfessionalEthics1.2ISACAStandardsandGuidelinesforISAuditingInformISauditorsoftheminimumlevelofacceptableperformancerequiredtomeetprofessionalresponsibilitiessetoutintheISACACodeofProfessionalEthics.Informmanagementandotherinterestedpartiesoftheprofession’sexpectationsconcerningtheworkofpractitioners.

ObjectivesforISACA’sStandards1.2ISACAStandardsandGuidelinesforISAuditingStandardsGuidelinesProceduresFrameworkfortheISACA’sInformationSystemsAuditingStandards:1.2ISACAStandardsandGuidelinesforISAuditingS1-Auditcharter S2-IndependenceS3-ProfessionalEthicsandStandardsS4-Competence

ThestandardsapplicabletoISauditingare:1.2ISACAStandardsandGuidelinesforISAuditing

S5-PlanningS6-PerformanceofAuditWorkS7-ReportingS8-Follow-upactivities

ThestandardsapplicabletoISauditingare:Continued...1.2ISACAStandardsandGuidelinesforISAuditing

S9-IrregularitiesandIllegalActsS10-ITgovernanceS11-UseofRiskAssessmentinAuditPlanning

ThestandardsapplicabletoISauditingare:Continued...1.2ISACAStandardsandGuidelinesforISAuditingS1-AuditCharterResponsibility,AuthorityandAccountability1.2ISACAStandardsandGuidelinesforISAuditingS2-IndependenceProfessionalIndependenceOrganizationalRelationship1.2ISACAStandardsandGuidelinesforISAuditingS3-ProfessionalEthicsandStandardsCodeofProfessionalEthicsDueProfessionalCare1.2ISACAStandardsandGuidelinesforISAuditingS4-CompetenceSkillsandKnowledgeContinuingProfessionalEducation1.2ISACAStandardsandGuidelinesforISAuditing

S5-PlanningAuditPlanning1.2ISACAStandardsandGuidelinesforISAuditingS6-PerformanceofAuditWorkSupervisionEvidence1.2ISACAStandardsandGuidelinesforISAuditingS7-ReportingReportContentandForm1.2ISACAStandardsandGuidelinesforISAuditingS8-Follow-upActivitiesReviewpreviousrelevantfindingsReviewpreviousconclusionsandmendations1.2ISACAStandardsandGuidelinesforISAuditingS9-IrregularitiesandIllegalActs

1.2ISACAStandardsandGuidelinesforISAuditingS10-ITgovernance

1.2ISACAStandardsandGuidelinesforISAuditingS11-UseofRiskAssessmentinAuditPlanning

1.2ISACAStandardsandGuidelinesforISAuditingConsidertheguidelinesindetermininghowtoimplementtheabovementionedstandards.Useprofessionaljudgementinapplyingthem.Beabletojustifyanydeparture.

TheISauditorshould:1.3RiskAnalysis

“Thepotentialthatagiventhreatwillexploitvulnerabilitiesofanassetorgroupofassetstocauselossordamagetotheassets.Theimpactorrelativeseverityoftheriskisproportionaltothebusinessvalueoftheloss/damageandtotheestimatedfrequencyofthethreat.”1.3RiskAnalysisThreatsto,andvulnerabilitiesof,processesand/orassets(includingbothphysicalandinformationassets)ImpactonassetsbasedonthreatsandvulnerabilitiesProbabilitiesofthreats(combinationofthelikelihoodandfrequencyofoccurrence)1.4InternalControlsDefinitionofInternalControlInternalcontrolisaprocessputinplacebytheboardofdirectors,seniormanagementandalllevelsofpersonneltoprovidereasonableassurancethatanorganization'sobjectiveswillbeachieved.1.4InternalControlsControlsPreventiveDetectiveCorrective1.4InternalControlsInternalControlObjectivesISControlObjectivesCobiTGeneralControlProceduresISControlProceduresControlClassifications1.4InternalControlsInternalControlObjectivesInternalcontrolsystemcomponentsInternalaccountingcontrolsOperationalcontrolsAdministrativecontrolsRelevantissues1.4InternalControlsISControlObjectives1.4InternalControlsCOBITITcontrolobjectivesandstandardsofgoodpractice34high-levelcontrolobjectivesExamples1.4InternalControlsGeneralControlProcedures1.4InternalControlsISControlProceduresControlproceduresincludepoliciesandpracticesestablishedbymanagementtoprovidereasonableassurancethatspecificobjectiveswillbeachieved1.4InternalControlsISControlProcedurescanbecategorizedintothefollowingareas:GeneralorganizationcontrolproceduresAccesstodataandprogramsSystemdevelopmentmethodologiesDataprocessingoperationsSystemsprogrammingandtechnicalsupportfunctionsDataprocessingqualityassuranceprocedures1.5PerforminganISAudit

DefinitionofauditingSystematicprocessbywhichacompetent,independentpersonobjectivelyobtainsandevaluatesevidenceregardingassertionsaboutaneconomicentityoreventforthepurposeofforminganopinionaboutandreportingonthedegreetowhichtheassertionconformstoanidentifiedsetofstandards.

1.5PerforminganISAudit

Classificationofaudits:FinancialAuditsOperationalAuditsIntegratedAuditsAdministrativeAuditsInformationSystemsAudits1.5PerforminganISAudit

DefinitionofISauditing

ISauditingistheprocessofcollectingandevaluatingevidencetodeterminewhetherinformationsystemsandITenvironmentsadequatelysafeguardassets,maintaindataandsystemintegrity,providerelevantandreliableinformation,achieveorganizationalgoalseffectively,consumeresourcesefficiently,andhaveineffectinternalcontrolsthatprovidereasonableassurancethatoperationalandcontrolobjectiveswillbemet.1.5PerforminganISAuditGeneralAuditProceduresObtainingandrecordinganunderstandingofauditarea/subjectRiskassessmentandgeneralauditplanDetailedauditplanningPreliminaryreviewofauditarea/subjectEvaluatingauditarea/subjectCompliancetesting(testofcontrols)SubstantivetestingReportingFollow-up1.5PerforminganISAuditControlobjectivesAuditObjectivesDifferencebetweencontrolandauditobjectives1.5PerforminganISAuditAuditMethodology/StrategyStatementofscopeStatementofauditobjectivesStatementofworkprogramTypicalAuditPhases1.5PerforminganISAuditMateriality-anexpressionoftherelativesignificanceorimportanceofaparticularmatterinthecontextoftheorganisationasawhole.重要性-是指被審計(jì)單位會(huì)計(jì)報(bào)表中錯(cuò)報(bào)或漏報(bào)的嚴(yán)重程度,這一程度在特定環(huán)境下可能影響會(huì)計(jì)報(bào)表使用者的判斷或決策。思考題在一次財(cái)務(wù)審計(jì)中,重要性水平確定為100000元,因此,余額小于100000元以下的賬戶不用檢查.1.5PerforminganISAuditRisk-basedapproachFocusesonthebusinessfromamanagementperspectiveEmphasisonknowledgeofthebusinessandtechnologyFocusesonassessingtheeffectivenessofa“combination”ofcontrolsLinkagebetweenriskassessmentandtestingfocusingoncontrolobjectives.1.5PerforminganISAudit

Auditriskcanbecategorizedas:

InherentRiskControlRiskDetectionRiskOverallAuditRiskRiskAssessmentTechniquesEnablesmanagementtoeffectivelyallocatelimitedauditresources.Ensuresthatrelevantinformationhasbeenobtained.Establishesabasisforeffectivelymanagingtheauditdepartment.Providesasummaryofhowtheindividualauditsubjectisrelatedtotheoverallorganizationandtobusinessplans.1.5PerforminganISAudit1.5PerforminganISAuditRelationshipbetweenSubstantiveandCompliancetestsCorrelationbetweenthelevelofinternalcontrolsandSubstantiveTestingRequired1.5PerforminganISAudit

Evidence–Itisarequirementthattheauditor’sconclusionsmustbebasedonsufficient,competentevidence.IndependenceoftheprovideroftheevidenceQualificationoftheindividualprovidingtheinformationorevidenceObjectivityoftheevidence1.5PerforminganISAuditTechniquesforgatheringevidence:ReviewISorganizationstructuresReviewISpolicies,proceduresandstandardsReviewISdocumentationInterviewappropriatepersonnelObserveprocessesandemployeeperformance.1.5PerforminganISAuditSamplingGeneralapproachestoauditsampling:StatisticalsamplingNon-statisticalsamplingMethodsofSamplingusedbyauditors:AttributesamplingVariablesampling1.5PerforminganISAuditSampling(Continued…)AttributesamplingAttributesamplingStop-or-gosamplingDiscoverysamplingVariableSampling:StratifiedmeanperunitUnstratifiedmeanperunitDifferenceestimationStatisticalsamplingterms:ConfidentcoefficientLevelofriskPrecisionExpectederrorrateSamplemeanSamplestandarddeviationTolerableerrorratePopulationstandarddeviationKeystepsinchoosingasample1.5PerforminganISAuditComputer-assistedAuditTechniquesCAATSareasignificanttoolsforISauditorstogatherinformationindependently.Includes:Generalizedauditsoftware(ACL,IDEA,etc.)UtilitysoftwareTestdataApplicationsoftwareforcontinuousonlineauditsAuditexpertsystems1.5PerforminganISAuditComputer-assistedAuditTechniquesNeedforCAATsEvidencecollectionFunctionalCapabilitiesFunctionssupportedAreasofconcern1.5PerforminganISAuditComputer-assistedAuditTechniquesExamplesofCAATsusedtocollectevidenceContinuousOnlineAuditApproach1.5PerforminganISAuditComputer-AssistedAuditTechniquesAdvantagesofCAATsCost/benefitsofCAATs1.5PerforminganISAuditComputer-assistedAuditTechniquesDevelopmentofCAATsDocumentationretentionAccesstoproductiondataDatamanipulation1.5PerforminganISAuditEvaluationofstrengthsandweaknessesAssesevidenceEvaluateoverallcontrolstructureEvaluatecontrolobjectivesAssesscontrolstrengthenandweaknesses

1.5PerforminganISAuditJudgingMaterialityofFindingsMaterialityisakeyissueAssessmentrequiresjudgmentofthepotentialeffectofthefindingifcorrectiveactionisnottaken.1.5PerforminganISAudit

CommunicatingAuditResultsAuditreportstructureandcontentsExitinterviewPresentationtechniquesExecutivesummaryVisualpresentation1.5PerforminganISAudit1.5PerforminganISAuditManagementActionstoImplementmendationsAuditingisanongoingprocessTimingoffollow-upAuditDocumentationConstrainsontheConductoftheAuditProjectManagementTechniquesDevelopadetailedplanReportprojectactivityagainsttheplanAdjusttheplanandtakecorrectiveaction,asrequired1.5.17AuditDocumentation1.6ControlSelf-AssessmentBenefitsofCSADisadvantagesofCSAAuditorRoleinCSATechnologyDriversforCSATraditionalvs.CSAApproach1.7EmergingChangesintheISAuditProcessAutomatedWorkPapersIntegratedAuditingContinuousAuditing1.8 Chapter1CaseStudy1.8.1CaseStudyScenario

1.8.2CaseStudyQuestions

Chapter1:GlossaryAdministrativecontrolsAttributesamplingAuditriskCompliancetestingCAATControlriskEmbeddedauditmodulesMaterialityChapter1:Questions1.AnISauditor,performingareviewofanapplication’scontrols,discoversaweaknessinsystemsoftware,whichcouldmateriallyimpacttheapplication.TheISauditorshould:A.ignorethesecontrolweaknessesasasystemsoftwarereviewisbeyondthescopeofthisreview.B.conductadetailedsystemsoftwarereviewandreportthecontrolweaknesses.C.includeinthereportastatementthattheauditwaslimitedtoareviewoftheapplication’scontrols.D.reviewthesystemsoftwarecontrolsasrelevantandmendadetailedsystemsoftwarereview.Chapter1:Questions2.AnISauditor’sindependencewouldMOSTlikelybequestionedif:A.theclienthasagreedtothescopeoftheaudit.B.ISmanagementhashadinputintotheschedulingoftheaudit.C.theclientwillhavefinalauthorityonthecontentsoftheauditreport.D.theaudithasbeenrequestedbythemanagementoftheareatotheaudited.Chapter1:Questions3.WhichofthefollowingistheMOSTappropriateauditevaluationtechniquetoprovideassurancethatadequatedatabackupsexisttoallowtimelyrecoveryofsystemoperationsfollowingservicedisruptions?A.Stop-or-gosamplingB.InterviewpersonnelandreviewinformationsystemsorganizationstructureC.ReviewapplicabledocumentedproceduresandobservetheprocessD.UseanyautomatedtoolChapter1:Questions4.TheISdepartmenthasbeenrequestedbyexecutivemanagementtoreviewsystemsoftwareaccesscontrols.TheISauditdepartmentdoesnothaveonstaffanyonewithknowledgeinthisarea.Theyshould:A.performtheauditandacknowledgeinthereportalackofexpertise.B.conducttheauditwiththeassistanceofthesystemsoftwaremanager.C.obtaintraininginsystemsoftwareandthenperformtheaudit.D.conducttheassignmentbylearningon-the-job.Chapter1:Questions5.Theobjectiveof

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒有圖紙預(yù)覽就沒有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論