S1 estandar de isaaca
Páginas: 6 (1383 palabras)
Publicado: 25 de mayo de 2010
IS AUDITING STANDARD AUDIT CHARTER
DOCUMENT #S1
The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically to IS auditing. One of the goals of the Information Systems Audit and Control Association (ISACA) is to advance globally applicable standards to meet its vision. The development and disseminationof the IS Auditing Standards are a cornerstone of the ISACA professional contribution to the audit community. The framework for the IS Auditing Standards provides multiple levels of guidance: Standards define mandatory requirements for IS auditing and reporting. They inform: – IS auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out inthe ISACA Code of Professional Ethics – Management and other interested parties of the profession’s expectations concerning the work of practitioners ® ® – Holders of the Certified Information Systems Auditor (CISA ) designation of requirements. Failure to comply with these standards may result in an investigation into the CISA holder’s conduct by the ISACA Board of Directors or appropriate ISACAcommittee and, ultimately, in disciplinary action. Guidelines provide guidance in applying IS Auditing Standards. The IS auditor should consider them in determining how to achieve implementation of the standards, use professional judgement in their application and be prepared to justify any departure. The objective of the IS Auditing Guidelines is to provide further information on how to comply withthe IS Auditing Standards. Procedures provide examples of procedures an IS auditor might follow in an audit engagement. The procedure documents provide information on how to meet the standards when performing IS auditing work, but do not set requirements. The objective of the IS Auditing Procedures is to provide further information on how to comply with the IS Auditing Standards. COBIT resourcesshould be used as a source of best practice guidance. The COBIT Framework states, "It is management's responsibility to safeguard all the assets of the enterprise. To discharge this responsibility as well as to achieve its expectations, management must establish an adequate system of internal control." COBIT provides a detailed set of controls and control techniques for the information systemsmanagement environment. Selection of the most relevant material in COBIT applicable to the scope of the particular audit is based on the choice of specific COBIT IT processes and consideration of COBIT information criteria. As defined in the COBIT Framework, each of the following is organised by IT management process. COBIT is intended for use by business and IT management, as well as IS auditors;therefore, its usage enables the understanding of business objectives, communication of best practices and recommendations to be made around a commonly understood and well-respected standard reference. COBIT includes: Control objectives—High-level and detailed generic statements of minimum good control Control practices—Practical rationales and “how to implement” guidance for the control objectivesAudit guidelines—Guidance for each control area on how to obtain an understanding, evaluate each control, assess compliance and substantiate the risk of controls not being met Management guidelines—Guidance on how to assess and improve IT process performance, using maturity models, metrics and critical success factors. They provide a management-oriented framework for continuous and proactivecontrol self-assessment specifically focused on: – Performance measurement—How well is the IT function supporting business requirements? Management guidelines can be used to support self-assessment workshops, and they also can be used to support the implementation by management of continuous monitoring and improvement procedures as part of an IT governance scheme. – IT control profiling—What IT...
DOCUMENT #S1
The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically to IS auditing. One of the goals of the Information Systems Audit and Control Association (ISACA) is to advance globally applicable standards to meet its vision. The development and disseminationof the IS Auditing Standards are a cornerstone of the ISACA professional contribution to the audit community. The framework for the IS Auditing Standards provides multiple levels of guidance: Standards define mandatory requirements for IS auditing and reporting. They inform: – IS auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out inthe ISACA Code of Professional Ethics – Management and other interested parties of the profession’s expectations concerning the work of practitioners ® ® – Holders of the Certified Information Systems Auditor (CISA ) designation of requirements. Failure to comply with these standards may result in an investigation into the CISA holder’s conduct by the ISACA Board of Directors or appropriate ISACAcommittee and, ultimately, in disciplinary action. Guidelines provide guidance in applying IS Auditing Standards. The IS auditor should consider them in determining how to achieve implementation of the standards, use professional judgement in their application and be prepared to justify any departure. The objective of the IS Auditing Guidelines is to provide further information on how to comply withthe IS Auditing Standards. Procedures provide examples of procedures an IS auditor might follow in an audit engagement. The procedure documents provide information on how to meet the standards when performing IS auditing work, but do not set requirements. The objective of the IS Auditing Procedures is to provide further information on how to comply with the IS Auditing Standards. COBIT resourcesshould be used as a source of best practice guidance. The COBIT Framework states, "It is management's responsibility to safeguard all the assets of the enterprise. To discharge this responsibility as well as to achieve its expectations, management must establish an adequate system of internal control." COBIT provides a detailed set of controls and control techniques for the information systemsmanagement environment. Selection of the most relevant material in COBIT applicable to the scope of the particular audit is based on the choice of specific COBIT IT processes and consideration of COBIT information criteria. As defined in the COBIT Framework, each of the following is organised by IT management process. COBIT is intended for use by business and IT management, as well as IS auditors;therefore, its usage enables the understanding of business objectives, communication of best practices and recommendations to be made around a commonly understood and well-respected standard reference. COBIT includes: Control objectives—High-level and detailed generic statements of minimum good control Control practices—Practical rationales and “how to implement” guidance for the control objectivesAudit guidelines—Guidance for each control area on how to obtain an understanding, evaluate each control, assess compliance and substantiate the risk of controls not being met Management guidelines—Guidance on how to assess and improve IT process performance, using maturity models, metrics and critical success factors. They provide a management-oriented framework for continuous and proactivecontrol self-assessment specifically focused on: – Performance measurement—How well is the IT function supporting business requirements? Management guidelines can be used to support self-assessment workshops, and they also can be used to support the implementation by management of continuous monitoring and improvement procedures as part of an IT governance scheme. – IT control profiling—What IT...
Leer documento completo
Regístrate para leer el documento completo.