CISA candidates are expected to have a basic understanding of the various types of audits that can be performed, internally or externally, and the basic audit procedures associated with each of them. These are as follows:
Type of Audit |
Description |
IS audit |
An IS audit is conducted to evaluate and determine whether an information system and any related infrastructure is adequately safeguarded and protected to maintain confidentiality, integrity, and availability. |
Compliance audit |
CA or more specifically, a compliance audit is conducted to evaluate and determine whether specific regulatory requirements are being complied with. |
Financial audit |
A financial audit is conducted to evaluate and determine the accuracy of financial reporting. A financial audit involves a detailed and substantive testing approach. |
Operational audit |
An operational audit is conducted to evaluate and determine the accuracy of an internal control system. It is designed to assess issues related to the efficiency of operational productivity within an organization. |
Integrated audit |
Here, different types of audit are integrated to combine financial, operational, and other types of audits to form a multi-faceted audit. An integrated audit is performed to assess the overall objectives to safeguard an asset's efficiency and compliance. It can be performed both by internal auditors or external auditors. An integrated audit includes compliance tests of internal controls. |
Specialized audit |
A specialized audit includes the following:
|
Computer forensic audit |
A computer forensic audit includes the analysis of electronic devices. An IS auditor can help in performing forensic investigations and conduct an audit of the system to ensure compliance. |
Functional audit |
A functional audit is conducted to evaluate and determine the accuracy of software functionality. A functional audit is conducted prior to software implementation. |
The following diagram shows various audits combined to form an integrated audit, giving an overall view of an organization's functioning:
As you can see, integrated audit tests the internal controls of an organization. It can be performed either by the internal audit team or an external audit firm.
Self-evaluation questions
- Which audit is designed to collect and evaluate an information system and any related resources?
- Compliance audit
- Operational audit
- IS audit
- Specialized audit
- Which audit involves specific tests of controls to demonstrate adherence to specific regulatory or industry standards?
- Operational audit
- Compliance audit
- Integrated audit
- Financial audit
- Which audit assesses the overall objectives within an organization in terms of safeguarding an asset's efficiency and compliance?
- Operational audit
- Compliance audit
- Integrated audit
- Financial audit
- Which audit involves the independent evaluation of software products, verifying it's configuration items?
- Functional audit
- Integrated audit
- Specialized audit
- Compliance audit
- In which audit can an IS auditor assist a forensic specialist in performing forensic investigations and conduct an audit of the system to ensure compliance?
- Specialized audit
- Integrated audit
- IS audit
- Computer forensic audit
- Which audit is designed to assess issues related to the efficiency of operational productivity within an organization?
- Administrative audit
- Integrated audit
- Compliance audit
- Operational audit