July 30, 2011

Exam Essentials - Secrets of a Successful Auditor


Know the purpose of policies, standards, guidelines, and procedures. Policies are high-level objectives designated by a person of authority, and compliance with policies is mandatory. Standards ensure a minimum level of uniform compliance with a policy, and compliance with standards is mandatory. Guidelines advise with preferred objectives and useful information in the absence of a standard. Guidelines are often discretionary. Procedures are a cookbook recipe of specific tasks necessary to implement a standard. Compliance with procedures is mandatory.
Know the ISACA standards governing professional conduct and ethics. The auditor is expected to perform with the highest level of concern and diligence. Each audit should be conducted in accordance with professional standards and objectivity, and should implement best practices.
Understand the general purpose of the audit and the role of the IS auditor. The purpose of auditing is to challenge the assertions of management and to determine whether evidence will support management's claims.
Understand an audit role versus a nonaudit role. There are only two roles in an audit. The first role is that of the auditor who performs an objective review, and the second is the role of everyone else. A person cannot be an auditor and also involved in the design or operation of the audit subject.
Understand the importance of IS auditor independence. It is unlikely that an auditor could be truly independent if the auditor were involved with the subject of the audit. Auditor independence is an additional assurance of truth.
Know the difference between discretionary and mandatory language. In regulatory language, the word "shall" designates a mandatory requirement. The word "shall" indicates that there is no excuse for failing to meet the stated objective, even if compliance would cause a financial loss. The word "should" indicates a recommendation that could be optional, depending on the circumstance.
Know the different types of audits. The types of audit are financial, operational (SAS-70), integrated (SAS-94), compliance, administrative, and information systems.
Understand the importance of IS auditor confidentiality. The IS auditor shall maintain confidentiality at all times to protect the client. Sensitive information should not be revealed at any time. Your client expects you to protect their secrets whenever legally possible.
Understand the need to protect audit documentation. The data must be protected with access controls and regular backup. Sensitive information is the property of the owner, and its confidentiality shall be protected by the auditor. A document archive is created during the audit and is subject to laws governing record retention.
Know how to use standard terms of reference. The auditor should communicate by using standardized terms of reference to avoid misunderstanding or confusion. The standard terminology should be defined through a mutual agreement at the beginning of the audit.
Understand application of the evidence rule. Audit evidence needs to be confirmed or verified to ensure that it is actually used in the production process.
Identify who the auditor may need to interview. The IS auditor needs to consider the roles of data owner, data user, and data custodian when selecting persons to interview. Data owners specify controls, data users are to follow acceptable usage requirements, and custodians protect the information while supporting data users.
Understand the organizational structure. Officers of an organization are usually persons with the title of vice president or higher, up to the board of directors. Department directors, managers, and staff workers are seldom liable for the organization, unless criminal activity is involved.
