Auditing standards regulate audits, and all types of audit rely on some auditing standards for performing the audit assignment. Before discussing the ISACA IS auditing standards in detail, let us first look at why auditing standards exist and why they are mandatory in audit assignments.
Why is using Auditing Standards important?
- Auditing standards are a way to ensure that the auditor performs the work in a methodical way that has been agreed upon by the auditors practicing that profession.
- These serve as a tool to ensure that the auditor observes the professional code of ethics while auditing.
- When an auditor follows auditing standards, the chance of under-auditing because of the auditor's over-confidence in their own professional capacity is minimized.
- These also limit the liability of the auditor during the audit assignment to what the standards require.
Criticism of auditing standards mostly alleges that they lead to over-documentation and excessive procedural routines.
What are ISACA Auditing Standards?
ISACA, i.e., the Information Systems Auditing and Control Association, is a non-profit organization which regulates the CISA Certification and is a professional association for information systems auditing professionals. It has published its own information systems auditing standards, which CISA professionals are bound to follow while conducting an audit assignment. ISACA auditing standards have three parts:
- General Standards
- Performance Standards
- Reporting Standards
These IS auditing standards are available as a free download from the ISACA website as part of the ITAF, which is the Professional Practices Framework for IS Auditing/Assurance. This document also contains the IS Audit Guidelines and the Tools and Techniques for IS Audit. We will discuss the difference between these in a subsequent article, but for now it should suffice that ISACA auditing standards are binding on CISA professionals.
It is recommended that you download the ITAF and read the standards part. If you are coming from an auditing background, then most of these will sound familiar. For example, the audit charter, professional independence, due professional care, criteria and evidence, etc. are terms which all auditors are familiar with.
IS Audit Standards and CISA
You will not be expected on exam day to have memorized the standard numbers, etc., but you should be aware of the concepts that are given in these standards. And since ISACA has recently increased the weightage of the IS Audit Process Job Practice Area in the CISA exam, it is advised that you thoroughly read and understand these standards. I can tell from my personal experience that I encountered a few questions in the examination which were somehow related to a few auditing standards like 1204-Using the Work of Other Experts or 1207-Irregularity and Illegal Acts.
Even otherwise, when you read these standards, you understand the core of the auditing process. So reading pages 12 to 39 of the ITAF document is highly recommended for learning about the IS Audit process and preparing for the CISA examination.