CISA Overview
Internal Control: Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies. A broad concept, internal control involves everything that controls risks to an organization. [1]
IS Audit is defined as:
• Collect and evaluate evidence to determine whether the information systems and related resources adequately safeguard assets
• Maintain data and system integrity
• Provide relevant and reliable information
• Achieve organizational goals effectively, and
• Consume resources efficiently.
An IS Audit is intended to:
• Assess whether internal controls provide reasonable assurance that business, operational and control objectives will be met, and
• That undesired events will be prevented, or detected and corrected, in a timely manner.
The IS Audit Process
• IS auditors are expected to comply with a code of professional ethics, and to conduct their work in accordance with specific standards, guidelines, and procedures.
The Audit Charter
• An audit charter establishes the role of the IS audit function.
• An IS audit can be integrated within the financial or operational audit, or it can be part of an internal audit.
• The charter should include:
  • A clear statement of management's responsibility and objectives for the audit function
  • Management's delegation of authority to the audit function
  • The overall authority, scope and responsibilities of the audit function
  • The reporting lines and relationships
  • A definition of the organizational independence of the internal audit, including accountability of the audit and provision for objective assessment of its resource requirements
  • A recognition of the control environment of the organization (operations, resources, services, responsibilities to external entities)
  • The internal audit's right of access to all records, assets, personnel and premises, including those of partner organizations
  • The internal audit's authority to obtain the information and explanations it considers necessary to fulfill its responsibilities
• The charter should be approved at the highest management level and by the audit committee if available.
• Once the charter has been established, any changes must be thoroughly justified.
Audit Objectives
• Audit objectives refer to the specific goals of the audit. These objectives often are centered on substantiating that internal controls are functioning to minimize business risk. The audit objectives, then, need to be translated into specific IS audit objectives.
• For example, for a financial audit, an internal control is designed to ensure transactions are posted correctly to the general ledger. The audit objective is to determine whether this control is performing as intended. The corresponding IS audit objective might be to make sure that editing features are in place to detect errors in the transaction coding that may affect the posting of the transactions.
Audit Documentation
• In addition to the audit plan, the documentation for an IS audit includes:
  • A description or diagram of the IS environment
  • Audit programs
  • Minutes of meetings
  • Audit evidence
  • Findings
  • Conclusions and recommendations
  • Any report issued as a result of the audit work
  • Supervisory review comments, if any
Audit Phases
Audit Phase: Description
Audit subject: Identify the area to be audited
Audit objective: Identify the purpose of the audit.
Audit scope: Identify the specific systems, function or unit of the organization to be included in the review.
Preaudit planning:
  • Identify technical skills and resources needed.
  • Identify the sources of information for test or review such as functional flowcharts, policies, standards, procedures and prior audit work papers.
  • Identify locations or facilities to be audited
Data Gathering:
  • Audit approach to verify and test the controls
  • Audit tools and methodology to test and verify control
Audit Report:
  • Identify follow-up review procedures
  • Review and evaluate the soundness of documents, policies and procedures
COMPLIANCE VS. SUBSTANTIVE TESTING
• Compliance testing is evidence gathering for the purpose of testing an organization's compliance with control procedures.
• Substantive testing is evidence gathering to evaluate the integrity of individual transactions, data or other information.
COBIT 5: Governance and Management
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).
Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).