Week 02 – Information Technology and IT Audit

Now that we have a general idea of the role and necessity of the audit function, we will turn our attention to the IS Auditor (I use ‘IT’ and ‘IS’ interchangeably for the following reasons: 1) habit. I’ve always used the term ‘Information Technology.’ Old habits are hard to change; 2) ‘IS’ or Information Systems is the term ISACA likes to use. I’ll try to stick to ‘IS’ as best as I can. Just be aware…)

This week we will spend time discussing the role of IS in the enterprise, then we will do a deeper dive into its many services (but not too deep…).

Readings:

Articles:

• “What Every IT Auditor Should Know About Scoping an IT Audit” by Tommie Singleton.
• “Due Professional Care” by Fredrick Gallegos

Standards and Guidelines:

• GS 1001 Charter / GG 2001 Audit Charter
• GS 1002 Organizational Independence / GG 2002 Organizational Independence
• GS 1003 Professional Independence / GG 2003 Professional Independence
• GS 1005 Due Professional Care / GG 2005 Due Professional Care

Note: GS – General Standard; GG – General Guideline; PS – Performance Standard; PG – Performance Guideline; RS – Reporting Standard; RG – Reporting Guideline

CISA Review Manual:

• 1.2 Management of the IS Audit Function

Additional Resources:

Please bring to class.

• Facebook Audit Committee Charter
• Model Internal Audit Activity Charter