The Information Systems Audit and Control Association (ISACA) standards and guidelines for IS auditing and the code of professional ethics for certified IS auditors are the first references the CISA candidate must become familiar with. This information is the internationally recognized basis of all IS audit activity and provides the foundation of defendable and binding audit work. The standards define the mandatory requirements for IS auditing and reporting that CISA certificate holders are required to follow. These standards are fairly straightforward and describe the basics of the IS auditing requirements:
The responsibility, authority, and accountability of the IS audit function are appropriately documented in an audit charter or engagement letter.
In all matters related to auditing, the IS auditor is independent of the auditee in attitude and appearance.
The IS audit function is sufficiently independent of the area being audited to permit objective completion of the audit.
The IS auditor must adhere to the Code of Professional Ethics of ISACA.
Due professional care and observance of applicable professional auditing standards are exercised in all aspects of the IS auditor's work.
The IS auditor is technically competent, having the skills and knowledge necessary to perform the auditor's work.
The IS auditor must maintain technical competence through the appropriate continuing professional education.
The IS auditor must plan the IS audit work in order ...