CISA Series - Part 2C Audit Process

Transcript

1. CISA Series – Part 2C The Information Systems Audit Process

    Enterprise Risk Assessment, Audit Universe Development, and Strategic Audit Planning, Individual Engagement Planning and Audit Project Management

2. Series Overview Part 1 — Introduction, Standards and Ethics, Audit

   Lifecycle Overview, Part 2 — Governance, Foundation of the Audit Function, and Understanding the Business Environment Part 3 — Enterprise Risk Assessment, Audit Universe Development, and Strategic Audit Planning, Individual Engagement Planning and Audit Project Management Part 4 — Audit Execution and Fieldwork, Evidence Collection, Data Analytics, and Technology-Enabled Auditing Part 5 — Data Analytics, Technology-Enabled Auditing, Evaluation of Findings, and Root Cause Analysis Part 6 - Audit Reporting, Communication, and Follow- Up Activities, Quality Assurance and Continuous Improvement

3. Agenda Introduction Enterprise Risk Assessment Understanding the Control Environment Audit

   Universe Development Strategic Audit Planning Individual Engagement Planning Integrated Audit Process Flow Key CISA Points to Remember

4. Why Planning is Critical in IS Auditing Planning establishes the

   audit methodology, procedures and communication approach before fieldwork begins. Well-planned audits are more likely to meet deadlines, budgets and stakeholder expectations. Risk-based planning ensures audit resources are allocated where they provide the greatest value. Good planning improves the quality, reliability and relevance of audit evidence collected. Pre-audit planning helps identify key risks, controls, stakeholders and regulatory requirements early. Effective planning improves audit efficiency and reduces wasted effort and scope creep. Planning helps define clear audit objectives, scope, timelines and resource requirements. Proper planning ensures the audit focuses on the highest-risk and highest-impact areas.

5. Relationship Between Risk, Controls and Assurance Risk represents the possibility

   that business objectives may not be achieved. Controls are implemented to reduce the likelihood or impact of risk events. Strong controls improve the organisation’s ability to achieve business objectives securely and reliably. Auditors evaluate whether controls are adequately designed and operating effectively. Assurance is the confidence provided that risks are being managed to an acceptable level. Weak or ineffective controls increase residual risk and reduce assurance. Effective controls support confidentiality, integrity, availability, compliance and operational reliability. Risk assessments help auditors determine which controls require the greatest audit attention. The goal of auditing is not to eliminate all risk, but to provide reasonable assurance that controls are effective.
6. None
7. None
8. None
9. None
10. None
11. None
12. None
13. None
14. None
15. None
16. None
17. None
18. None
19. None
20. None
21. None

22. CISA Exam Reminders  Risk drives audit planning.  The

    audit universe drives strategic planning.  Strategic plans drive engagement selection.  Engagement planning drives audit execution.  Controls reduce risk but rarely eliminate it completely.  Materiality determines audit significance.  High-risk areas require deeper audit attention.  Independence and objectivity are essential throughout the audit lifecycle.  Audit evidence must support conclusions.  Communication with stakeholders is critical at every stage.

23. NEXT IN THE SERIES Part 2C Audit Execution and Fieldwork,

    Evidence Collection, Data Analytics, and Technology-Enabled Auditing Audit Execution and Fieldwork Evidence Collection Data Analytics in Auditing Technology-Enabled Auditing

24. Disclaimer Based on practical experience and interpretation Not affiliated with

    any organization •Like •Share •Subscribe •Follow the series Thank You