IsAuditing.com (Information Systems Audit & Security)
All about IS audit, CISA, and Information Security
muhammad usman Every business or private entity operates in a certain legal framework wherein it has to comply with certain regulations and laws. And it is the responsibility of the entity’s management o ensure compliance with all applicable laws and regulations. Because of the IS systems becoming the backbone of a lot of key business functions, it … Read more
There are many definitions of risk but the most comprehensive one that puts risk in a business context is given in the CISA Review Manual, 26th Edition and it is from International Standards Organization, as given in their Guidelines for the Management of IT Security: Risk is a potential that a given threat will exploit … Read more
We already discussed the ISACA auditing standards and if you have read the standards, you must have found that these are very brief. They are like commandments about what is expected from a CISA auditor who has to be in compliance with the ISACA auditing standards when performing an IS Audit. But these standards do … Read more
Anybody familiar with information technology knows it clearly that it changes at a very fast pace. So it is quite logical and imperative that IS auditors need to remain updated about all these continuously updating developments in technology. Otherwise, it will become very difficult to audit information systems for an IS auditor who does not … Read more
So how should the IS audit function be organized in an organization. By organization we mean what should be the scope and objectives. How it should be managed collectively and at individual audit level. Among other things related to IS audit management are audit planning, actual audit implementation, IS audit resource management, effect of prevalent … Read more
Sometimes a control self assessment is also branded as an audit, which it is but there is a major difference. So in this article we are going to learn about what is control self assessment and how it is different from an audit. What is Control Self Assessment? This is basically a process of evaluating … Read more
As an information systems auditor, you will be performing a lot of different types of audits. But first we need to understand the auditing in general. Broadly speaking, there are following three types of audits and then we can further dig down to each of these. Internal audit External Audit Third Party Audit What is … Read more
Auditing standards regulate audits and all types of audit rely on some auditing standards for performing the audit assignment. Before discussing the ISACA IS auditing standards in detail, let us first know the reasons why auditing standards exist and whey these are mandatory to be used in audit assignments. Why using Auditing Standards is important? … Read more
Like information technology has affected almost every field of life, it has also impacted auditing functions. The records have been digitized, the processes have been built into the systems, and financial transactions and other critical information are being processed through information systems. Before the arrival of information systems, the auditors will examine the record on … Read more
Earlier we discussed in detail about how to pass CISA exam in first attempt and one of the most important study resource is CISA Review Manual. Currently CISA Review Manual 26th Edition (2015) is available for purchase from ISACA store. It is a 468 page eBook which is digitally protected. It is priced at $105 for … Read more