1.7. Audit Objectives and Scope

Defining the scope and objectives of an audit is the first formal step of an audit engagement. It sets the stage and identifies the key areas of results. The CISA candidate must understand how this scope definition places boundaries around the activities, reporting requirements, and obligations of the audit.

Ideally, defining the audit scope and objectives is a collaborative effort in which the management of the business and its processes is heavily involved. The more input you can get from management about the inherent risks of the processes, the controls in place, and the challenges they face on a daily basis, the more valuable and relevant your audit report will be. The necessary first step in planning an audit is discussing the objectives of the auditee relevant to the audit area and the technology infrastructure. After some experience, you will quickly recognize that the audit has already begun: you are informally interviewing the auditee and forming an opinion of the control environment as you plan the audit and seek their input. Part of the planning process will encompass understanding the business requirements and environment as input to materiality decisions made when planning an audit.

Based on the assigned objectives, you will present the plan to the client, seek their concurrence, and entertain their suggestions for modification of the scope. Sometimes you will be asking for documentation or tours ...
