Download presentation
Presentation is loading. Please wait.
1
Dr. Ir. Yeffry Handoko Putra
Chap 4 – ISACA : IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals Dr. Ir. Yeffry Handoko Putra MAGISTER SISTEM INFORMASI
2
ISACA Updated: 1 March 2010 IT Audit and Assurance Standards are mandatory requirements for certification holders’ reports on the audit and its findings. Codification: Standards are numbered consecutively as they are issued, beginning with S1 Guidelines are numbered consecutively as they are issued, beginning with G1 Tools and Techniques are numbered consecutively as they are issued, beginning with P1.
3
Standards define mandatory requirements for IT audit and assurance
Standards define mandatory requirements for IT audit and assurance. They inform: IT audit and assurance professionals of the minimum level of acceptable performance required to meet the professional responsibilities set out in the ISACA Code of Professional Ethics Management and other interested parties of the profession’s expectations concerning the work of practitioners Holders of the Certified Information Systems Auditor™ (CISA®) designation of requirements. Failure to comply with these standards may result in an investigation into the CISA holder’s conduct by the ISACA Board of Directors or appropriate ISACA committee and, ultimately, in disciplinary action.
4
Guidelines provide guidance in applying IT Audit and Assurance Standards.
The IT audit and assurance professional should consider them in determining how to achieve implementation of the standards, use professional judgement in their application and be prepared to justify any departure. The objective of the IT Audit and Assurance Guidelines is to provide further information on how to comply with the IT Audit and Assurance Standards.
5
Tools and Techniques provide examples of procedures an IT audit and assurance professional might follow. The tools and techniques documents provide information on how to meet the standards when performing IT audit and assurance work, but do not set requirements. The objective of the IT Audit and Assurance Tools and Techniques is to provide further information on how to comply with the IT Audit and Assurance Standards.
6
Index of IT Audit and Assurance Standards
S1 Audit Charter 1 January 2005 S2 Independence 1 January 2005 S3 Professional Ethics and Standards 1 January 2005 S4 Competence 1 January 2005 S5 Planning 1 January 2005 S6 Performance of Audit Work 1 January 2005 S7 Reporting 1 January 2005 S8 Follow-Up Activities 1 January 2005 S9 Irregularities and Illegal Acts 1 September 2005 S10 IT Governance 1 September 2005 S11 Use of Risk Assessment in Audit Planning 1 November 2005 S12 Audit Materiality 1 July 2006 S13 Using the Work of Other Experts 1 July 2006 S14 Audit Evidence 1 July 2006 S15 IT Controls 1 February 2008 S16 E-commerce 1 February 20
7
Index of IT Audit and Assurance Guidelines
G1 Using the Work of Other Auditors 1 March 2008 G2 Audit Evidence Requirement 1 May 2008 G3 Use of Computer Assisted Audit Techniques (CAATs) 1 March 2008 G4 Outsourcing of IS Activities to Other Organisations 1 May 2008 G5 Audit Charter 1 February 2008 G6 Materiality Concepts for Auditing Information Systems 1 May 2008 G7 Due Professional Care 1 March 2008 G8 Audit Documentation 1 March 2008 G9 Audit Considerations for Irregularities and Illegal Acts 1 Sept. 2008 G10 Audit Sampling 1 August 2008 G11 Effect of Pervasive IS Controls 1 August 2008
8
Index of IT Audit and Assurance Guidelines
G12 Organisational Relationship and Independence 1 August 2008 G13 Use of Risk Assessment in Audit Planning 1 August 2008 G14 Application Systems Review 1 October 2008 G15 Audit Planning 1 May 2010 G16 Effect of Third Parties on an Organisation’s IT Controls 1 March 2009 G17 Effect of Nonaudit Role on the IT Audit and Assurance Professional’s Independence 1 May 2010 G18 IT Governance 1 July 2002 G19 Irregularities and Illegal Acts Withdrawn 1 September 2008 G20 Reporting 1 January 2003 G21 Enterprise Resource Planning (ERP) Systems Review 1 August 2003 G22 Business-to-consumer (B2C) E-commerce Review 1 October 2008 G23 System Development Life Cycle (SDLC) Review Reviews 1 August 2003 G24 Internet Banking 1 August 2003 G25 Review of Virtual Private Networks 1 July 2004 G26 Business Process Reengineering (BPR) Project Reviews 1 July 2004
9
Index of IT Audit and Assurance Guidelines
G27 Mobile Computing 1 September 2004 G28 Computer Forensics 1 September 2004 G29 Post-implementation Review 1 January 2005 G30 Competence 1 June 2005 G31 Privacy 1 June 2005 G32 Business Continuity Plan (BCP) Review 1 September 2005 G33 General Considerations on the Use of the Internet 1 March 2006 G34 Responsibility, Authority and Accountability 1 March 2006 G35 Follow-up Activities 1 March 2006 G36 Biometric Controls 1 February 2007 G37 Configuration Management Process 1 November 2007 G38 Access Controls 1 February 2008 G39 IT Organisation 1 May 2008 G40 Review of Security Management Practices 1 October 2008 G41 Return on Security Investment (ROSI) 1 May 2010 G42 Continuous Assurance 1 May 2010
10
Index of IT Audit and Assurance Tools and Techniques
P1 IS Risk Assessment 1 July 2002 P2 Digital Signatures 1 July 2002 P3 Intrusion Detection 1 August 2003 P4 Viruses and other Malicious Code 1 August 2003 P5 Control Risk Self-assessment 1 August 2003 P6 Firewalls 1 August 2003 P7 Irregularities and Illegal Acts 1 November 2003 P8 Security Assessment—Penetration Testing and Vulnerability Analysis 1 September 2004 P9 Evaluation of Management Controls Over Encryption Methodologies 1 January 2005 P10 Business Application Change Control 1 October 2006 P11 Electronic Funds Transfer (EFT) 1 May 2007
11
Exercise: As and IS Auditor what is (write in Indonesia )
Standard for Audit Evidence; Guideline for Audit Evidence; Tools and Techniques for Audit Evidence Standard for Planning; Guideline for ERP; Tools and Techniques for Business Application Change Control
12
Exercise: As and IS Auditor what is
Standard for IT Control; Guideline for Effect of Pervasive Control; Tools and Technique for Control Risk Assessment Standard for use of Risk Assessment in Audit Planning; Guideline for Risk Assessment in Audit Planning; Tools and Technique for IS Risk Assessment
13
Exercise A Exercise B Exercise C Exercise D
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.