Auditing Information Systems
Audit Charter - Answer- Outlines the auditor's responsibility, authority and
accountability. The charter document grants authority to the audit function on behalf
of the board of directors and company stakeholders. Describes the role of the IS audit
function.
Inherent Risk - Answer- Exists independently of an audit and can occur because of
the nature of the business. To successfully conduct an audit, it is important to be
aware of the related business processes. To perform the audit, the IS auditor needs
to understand the business process, and by understanding the business process, the
IS auditor better understands the inherent risk.
Detection Risk Assessment - Answer- Performed only after the inherent and control
risk assessments have been performed to determine ability to detect either errors
within a targeted process
Control Risk Assessment - Answer- Performed after the inherent risk assessment
has been completed and is to determine the level of risk that remains after controls
for the targeted process are in place.
Fraud Risk Assessment - Answer- A subset of a control risk assessment in which the
auditor determines if the control risk addresses the ability of internal and/or external
parties to commit fraudulent transactions within the system.
While developing a risk-based audit program, the IS auditor will most likely focus on
Business Processes - Answer- Business Process audit - Focuses on the
understanding of the nature of the business and being able to identify and categorize
risk. Business risk impacts the long-term viability of a specific business.
Control Risk - Answer- The risk that a material error exists that will not be prevented
or detected in a timely manner by the system of internal controls.
Detection Risk - Answer- The risk that a material misstatement with a management
assertion will not be detected by the auditors' substantive tests. It consists of two
components, sampling risk and non-sampling risk.
Substantive Testing - Answer- A substantive test includes gathering evidence to
evaluate the integrity (completeness, accuracy or validity) of individual transactions,
data or other information.
An audit procedure that examines the financial statements and supporting
documentation to see if they contain errors. These tests are needed as evidence to
support the assertion that the financial records of an entity are complete, valid and
accurate.