ISACA

Since its inception in 1967, ISACA has become a pace-setting global organization for information governance, control, security and audit professionals. Its IS auditing and IS control standards are followed by practitioners worldwide.

CISA

The Certified Information Systems Auditor (CISA) is a globally recognized certification of achievement for those who control, monitor and assess an organization’s information technology and business systems.

CISM

The Certified Information Security Manager (CISM) certification is a unique, management-focused certification that defines the core competencies and international performance standards for professionals with information security management responsibilities.

 

 

ISACA audit Standards

IS Audit Services

IS Audit Standards

The following standards were adopted by the Information Systems Audit and Control Association (ISACA) and must be observed by Certified Information Systems Auditors (CISA) when conducting audits. ISACA holds the copyright to the standards; more detail about ISACA and updates to these standards can be obtained by visiting the ISACA website.

 

Information Systems Audit and Control Association's

STANDARDS FOR INFORMATION SYSTEMS AUDITING

 

010 AUDIT CHARTER

010.010 Responsibility, Authority and Accountability

The responsibility, authority and accountability of the information systems audit function are to be appropriately documented in an audit charter or engagement letter.

 

020 INDEPENDENCE

020.010 Professional Independence

In all matters related to auditing, the information systems auditor is to be independent of the auditee in attitude and appearance.

020.020 Organizational Relationship

The information systems audit function is to be sufficiently independent of the area being audited to permit objective completion of the audit.

 

030 PROFESSIONAL ETHICS AND STANDARDS

030.010 Code of Professional Ethics

The information systems auditor is to adhere to the Code of Professional Ethics of the Information Systems Audit and Control Association.

030.020 Due Professional Care

Due professional care and observance of applicable professional auditing standards are to be exercised in all aspects of the information systems auditor's work.

 

040 COMPETENCE

040.010 Skills and Knowledge

The information systems auditor is to be technically competent, having the skills and knowledge necessary to perform the auditor's work.

040.020 Continuing Professional Education

The information systems auditor is to maintain technical competence through appropriate continuing professional education.

 

050 PLANNING

050.010 Audit Planning

The information systems auditor is to plan the information systems audit work to address the audit objectives and to comply with applicable professional auditing standards.

 

060 PERFORMANCE OF AUDIT WORK

060.010 Supervision

Information systems audit staff are to be appropriately supervised to provide assurance that audit objectives are accomplished and applicable professional auditing standards are met.

060.020 Evidence

During the course of the audit, the information systems auditor is to obtain sufficient, reliable, relevant and useful evidence to achieve the audit objectives effectively. The audit findings and conclusions are to be supported by appropriate analysis and interpretation of this evidence.

 

070 REPORTING

070.010 Report Content and Form

The information systems auditor is to provide a report, in an appropriate form, to intended recipients upon the completion of audit work. The audit report is to state the scope, objectives, period of coverage, and the nature and extent of the audit work performed. The report is to identify the organization, the intended recipients and any restrictions on circulation. The report is to state the findings, conclusions and recommendations and any reservations or qualifications that the auditor has with respect to the audit.

 

080 FOLLOW-UP ACTIVITIES

080.010 Follow-Up

The information systems auditor is to request and evaluate appropriate information on previous relevant findings, conclusions and recommendations to determine whether appropriate actions have been implemented in a timely manner.

 

 

     
© Richard Chichakli 1998-2009, for information contact webmaster.