CISA Domain 1: The Process of Auditing Information Systems
- An integrated test facility - would help identify a problem as it occurs but
would not detect errors for a previous period. An audit technique to test
the accuracy of the processes in the application system.
- Analytical Review - Assesses the general control environment of an
organization.
- Attribute of Control Self-Assessment (CSA) - emphasizes management
of and accountability for developing and monitoring the controls of an
organization's business processes. The attributes of CSA include
empowered employees, continuous improvement, extensive employee
participation and training, all of which are representations of broad
stakeholder involvement.
- Attribute sampling - The primary sampling method used for
compliance testing. Attribute sampling is a sampling model that is used to
estimate the rate of occurrence of a specific quality (attribute) in a
population and is used in compliance testing to confirm whether the
quality exists.
- Audit Charter - Outlines the auditor's responsibility, authority and
accountability. The charter document grants authority to the audit
function on behalf of the board of directors and company stakeholders.
Describes the role of the IS audit function.
- Bayesian Filtering - applies statistical modeling to messages by
performing a frequency analysis on each word within the message and
then evaluating the message as a whole. It can ignore suspicious
keywords if the message as a whole is normal.
- Compensating control - used where other controls are not sufficient to
protect the system.
- Computer-aided software engineering (CASE) - used to assist in
software development.
- Continuous auditing techniques - Assist the auditing function in
reducing the use of auditing resources through continuous collection of
evidence. This approach assists IS auditors in identifying fraud in a timely
fashion and allows auditors to focus on relevant data.
- Control Risk - The risk that a material error exists that will not be
prevented or detected in a timely manner by the system of internal
controls.
- Control Risk Assessment - Performed after the inherent risk
assessment has been completed; it determines the level of risk that
remains after controls for the targeted process are in place.
- Control Self-Assessment (CSA) - is predicated on the review of high-risk
areas that either need immediate attention or may require a more
thorough review at a later date.
- Control Self-Assessment (CSA) - an assessment of controls made by
the staff and management of the unit or units involved.
- Corrective Control - Helps to correct or minimize the impact of a
problem. Backup tapes can be used for restoring the files in case of
damage to files, thereby reducing the impact of a disruption. Designed to
correct errors, omissions and unauthorized uses when detected.
- Detection Risk - The risk that a material misstatement in a
management assertion will not be detected by the auditor's substantive
tests. It consists of two components, sampling risk and non-sampling risk.
- Detection Risk Assessment - Performed only after the inherent and
control risk assessments have been performed to determine the ability to
detect either errors within a targeted process
- Detective Control - Exists to detect and report when errors, omissions
and unauthorized uses or entries occur.
- Detective Control - Transaction logs are detective controls because
they provide audit trails. Before-and-after image reporting makes it
possible to trace the impact that transactions have on computer records;
therefore it is a detective control.
- Difference estimation sampling - examines measure deviations and
extraordinary items and is not a good way to measure compliance.
- Due diligence Reviews - Type of audit generally related to mergers
and acquisitions.
- Embedded data collection tools - Embedded (audit) data collection
software, such as systems control audit review file (SCARF) or systems
audit review file (SARF), is used to provide sampling and production
statistics, but not to conduct an audit log analysis.
- Fraud Risk Assessment - A subset of a control risk assessment in
which the auditor determines if the control risk addresses the ability of