CISA Section 1

The flashcards below were created by user Anonymous on FreezingBlue Flashcards.

  1. Difference between an Audit Charter and Engagement Letter
    An Audit Charter is an overarching document that covers the entire scope of audit activities, an engagement letter is more focused on a particular audit exercise.
  2. CAAT
    Computer Assisted Audit Techniques
  3. Risk
    Combination of the probability of an event and its consequence
  4. IT Risk
    Business risk associated with the use, ownership, operation, involvement, influence and adoption of IT w/in an enterprise.
  5. Risk Assessment Process
    • ID Business Objectives (BO)
    • ID Information assets supporting BOs
    • Perform Risk Assessment (RA)
    • Perform Risk Mitigation (RM)
    • Perform Risk Treatment (RT)
    • Perform Risk Reevaluation - repeat
  20. Risk Assessment
    Threat - Vulnerability - Probability - Impact
  7. Project management for audit steps
    • Plan the audit engagement
    • Build the audit plan
    • Execute the plan
    • Monitor the project activity
  8. Compliance Audit
    Specific tests of controls to demonstrate adherence to specific regulatory or industry standards
  9. Financial Audit
    Assess the accuracy of financial reporting
  10. Operational audit
    Evaluate the internal control structure in a given process or area.
  11. Audit Program
    Step by step set of audit procedures and instructions
  12. Components of an audit methodology
    • Statements of scope
    • Statement of audit objectives
    • Audit programs
  13. Audit Risk (def)
    Risk that information may contain a material error that may go undetected during the course of the audit
  14. Inherent Risk (IR)
    Level of risk without taking into account the controls that management has implemented. Due to the nature of the business
  15. Control Risk (CR)
    Risk that a material error exists that would not be prevented or detected on a timely basis by a system of IC
  16. Detection risk (DR)
    Risk that material errors will not be detected by the auditor
  17. Statistical Sampling Risk
    Risk that incorrect assumptions are made about the characteristics of a population that a sample is selected from.
  18. Possible Risk Responses
    • Risk mitigation
    • Risk acceptance
    • Risk avoidance
    • Risk sharing/transfer
  19. Compliance testing
    Evidence gathering for the purpose of testing an organization's compliance with control procedures
  20. Substantive testing
    Evidence is gathered to evaluate the integrity of individual transactions, data or other information. Substantiates the integrity of actual processing. (Test for monetary errors)
  21. Relationship btw level of IC and amount of substantive testing
    Direct. Adequate controls, less testing
  22. Confidence coefficient
    Probability of error. Usually 90, 95, 99 etc
  23. Attribute sampling
    Looks for the presence or absence of the attributes
  24. Two general approaches to audit sampling
    Statistical and nonstatistical
  25. Two primary methods of sampling
    Attribute and variable
  26. Variable sampling
    Deals with population characteristics that vary, such as monetary values or weights. Provides conclusions related to deviations from the norm.
  27. What kind of testing usually uses attribute sampling
    Compliance testing
  28. What kind of testing usually uses variable sampling
    Substantive testing
  29. Types of Attribute Sampling
    • Attribute sampling (Fixed sample-size)
    • Stop-or-go
    • Discovery sampling
  30. Attribute/fixed sample-size/frequency-estimated sampling
    Used to estimate the rate (%) of occurrence of a specific attribute in a population. Ex: Approval signatures on forms
  31. Stop-or-go sampling
    Stop sampling at earliest possible moment. Used when there are few errors
  32. Discovery sampling
    Used when the expected occurrence rate is very low. Used when the obj is to seek out fraud.
  33. Types of Variable sampling
    • Stratified Mean per unit
    • Unstratified mean per unit
    • Difference Estimation
  34. Stratified mean per unit sampling
    Population is divided into groups and samples are drawn from the various groups. Smaller sample size
  35. Un-Stratified mean per unit
    Sample mean is calculated and projected as an estimated total
  36. Difference estimation
    Estimate the total difference between audited values and book (unaudited) values based on difference obtained from sample observations
  37. Equation for Level of Risk
    1 - confidence coefficient
  38. Precision
    The acceptable range difference btw the sample and the actual population. Defined by auditor. % for attribute, value for variable.
  39. Relationship between Precision and sample size
    The higher the precision, the smaller the sample size and the greater the risk that fairly large total error amounts go undetected. Smaller precision may lead to oversampling.
  40. Expected error rate
    % of the errors that may exist
  41. Relationship btw expected error rate and sample size
    Greater the expected error rate the greater the sample size
  42. Sample mean
    The sum of all sample values divided by the size of the sample
  43. Sample standard deviation
    Computes the variance of the sample values from the mean of the sample
  44. Tolerable error rate
    The max misstatement or number of errors that can exist w/o an account being materially misstated.
  45. Types of CAATs
    Generalized audit software (GAS), utility software, debugging and scanning software, test data, application software tracing and mapping, and expert systems
  46. Generalized Audit Software (GAS)
    Software that has the capability to directly read and access data from DBs
  47. Utility Software
    Subset of software, report generators of DBMS, provides evidence to auditors about system control effectiveness
  48. Test data
    Auditors use sample set of data to assess whether logic errors exist in a program and whether the program meets its objectives
  49. Control Self-Assessment (CSA)
    Assessment of controls made by the staff and management of the unit or units involved. Assures that the IC system of an org is reliable
  50. Steps to perform audit planning
    • Gain an understanding of the business
    • Understand changes in the business and its environment
    • Review prior work
    • ID policies, standards, etc
    • Perform risk analysis
    • Set scope and objectives
    • Develop audit approach or strategy
    • Assign resources
Card Set:
CISA Section 1
2014-10-13 03:20:21

The process of auditing information systems