Select Page

We already discussed the ISACA auditing standards and if you have read the standards, you must have found that these are very brief. They are like commandments about what is expected from a CISA auditor who has to be in compliance with the ISACA auditing standards when performing an IS Audit. But these standards do not exactly specify in detail what is expected of an IS auditor and how he should perform an actual audit to remain in compliance with the ISACA IS audit standards.

This is where the ISACA IS audit guidelines come in. The main purpose of ISACA IS audit guidelines is to give a clear guideline about how to remain in compliance of the Standards. These guidelines are, therefore, important because ISACA encourages the IS auditor to read these to know how to apply the Standards during audit.

IS auditor is, however, not completely bound by these guidelines because these do not specify the actual audit tools he or she may use. That is left to the discretion of the auditor. But these guidelines must be considered by a CISA auditor.

The ISACA IS guidelines also clearly state what is the intent and meaning of a standards, therefore, if IS auditor performs an audit which is according to the standards but is somehow in conflict with these guidelines then he must be prepared to justify this departure.

The guidelines cover all three parts of the standards i.e General, Performance and Reporting. A CISA exam candidate is not expected to remember all the guidelines numbers etc but he should be very clear about how these guidelines clarify the intent of the standards.

I personally did not read these guidelines during my reparation of CISA examination but I would recommend that you read these at least once because in exam you will encounter questions which are somewhat like : what an IS auditor will do in this or that situation? And these types of questions can be clearly answered if you have read the standards and the guidelines.

I would, therefore, recommend that you read these guidelines only once. That should be enough. Don’t overstress on these because all these concepts will be subsequently covered in the later chapters of the CISA Review Manual.