There are five tasks within the IT/IS audit process area:
1. Develop and implement a risk-based IS audit strategy for the organization in compliance with audit standards, guidelines and best practices.
2. Plan specific audits to ensure that IT and business systems are controlled.
3. Conduct audits in accordance with IS audit standards, guidelines and best practices to meet planned audit objectives.
4. Communicate emerging issues, potential risks and audit results to key stakeholders.
5. Advise on the implementation of risk management and control practices within the organization while maintaining independence.
We need knowledge in the following areas:
1. Knowledge of ISACA IS auditing standards, guidelines and procedures
2. Knowledge of IS auditing practices and techniques.
3. Knowledge of techniques to gather information and preserve evidence.
4. Knowledge of evidence life cycle
5. Knowledge of control objective and control related
6. Knowledge of risk assessment in an audit context
7. Knowledge of audit planning and management techniques
8. Knowledge of reporting and communication techniques
9. Knowledge of control self-assessment
10. Knowledge of continuous audit techniques
In an organization, the IS audit function must be established by an audit charter. In addition, it must be approved by the highest level of management and the audit committee.
Once the function is established, the IS auditor must perform his job. The first thing the IS auditor must do is plan: adequate planning is a necessary first step in performing an effective audit. Why planning? Because he needs to understand the general business environment as well as the associated business and control risks. He gains this understanding by assessing operational and control risks and identifying control objectives.
To perform audit planning, the IS auditor should:
- Gain an understanding of the business mission, business objectives, business processes, information and processing requirements (such as availability, integrity and security) and information architecture requirements. In general terms, process and technology.
- Perform risk analysis
- Conduct internal control review
- Set the audit scope and audit objectives
- Develop the audit approach or audit strategy
- Assign resources to audit and address engagement logistics