Developing a risk-based IS audit process that can be implemented in accordance with generally accepted audit standards and guidelines will ensure that your organization's systems and information technology are adequately controlled and are meeting the needs of the business. This chapter will outline the steps necessary to implement such a process. Knowledge of this subject matter comprises 10 percent of the CISA exam content. The knowledge required for these processes is described in detail, along with some insight on managing the process to best meet the needs of the organization and to achieve reliable and defensible audit objectives and results. By the end of this chapter, you should have a working knowledge of the following tasks:
Developing and implementing risk-based IS audit scopes and objectives in compliance with generally accepted audit standards that will ensure that information technology and business processes are adequately controlled to meet the organization's business objective
Planning IS audits
Obtaining sufficient, relevant, and reliable evidence to achieve the audit objectives
Analyzing that evidence to identify the control weaknesses and to reach conclusions
Reviewing the work performed to provide reasonable assurance that the audit objectives were achieved and the conclusions were appropriate
Communicating the resultant audit findings and recommendations to key stakeholders
Facilitating risk management ...