Book Image

CISA – Certified Information Systems Auditor Study Guide

By : Hemang Doshi
Book Image

CISA – Certified Information Systems Auditor Study Guide

By: Hemang Doshi

Overview of this book

Are you looking to prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor? The CISA - Certified Information Systems Auditor Study Guide is here to help you get started with CISA exam prep. This book covers all the five CISA domains in detail to help you pass the exam. You’ll start by getting up and running with the practical aspects of an information systems audit. The book then shows you how to govern and manage IT, before getting you up to speed with acquiring information systems. As you progress, you’ll gain knowledge of information systems operations and understand how to maintain business resilience, which will help you tackle various real-world business problems. Finally, you’ll be able to assist your organization in effectively protecting and controlling information systems with IT audit standards. By the end of this CISA book, you'll not only have covered the essential concepts and techniques you need to know to pass the CISA certification exam but also have the ability to apply them in the real world.
Table of Contents (19 chapters)
1
Section 1: Information System Auditing Process
4
Section 2: Governance and Management of IT
7
Section 3: Information Systems Acquisition, Development, and Implementation
10
Section 4: Information System Operations and Business Resilience
13
Section 5: Protection of Information Assets

Audit evidence collection techniques

Auditing is a process of providing an opinion about functions or processes under the scope of a audit. This audit opinion is based on the evidence obtained during the audit process. Audit evidence plays a critical role in the audit process. Evidence on which audit opinions are based should be reliable, competent, and objective. The objective and scope of an audit are the best factors to determine the extent of the data requirement.

Reliability of evidence

An IS auditor should consider the sufficiency, competency, and reliability of the audit evidence. Evidence can be considered as competent when it is valid and relevant. The following factors can be considered to determine the reliability of audit evidence.

Independence of the evidence provider

The source of the evidence determines the reliability of the evidence. External evidence (obtained from a source outside the organization) is more reliable than evidence obtained within the organization. A signed...