[...]... techniques in preparation for the CISA exam. The candidate must be knowledgeable and experienced in information systems and their implementation as a pre-requisite to performing IS audits and becoming certified as an information systems auditor. Understanding basic business operations and management are also areas of knowledge the candidate must be familiar with. This preparation guide follows the exam content...

... manage them best. What better way to do this than through a full understanding of how the certified IS auditor would approach the evaluation of his or her business processes and controls?

Summary

Having passed the CISA exam and successfully trained others who have also passed the exam, the author believes the information provided in this book will serve as a vital foundation for studying Information Systems...

... managed. If the information systems are not in order, how can the financials be relied on? Placing reliance on the systems that manage the company’s financial information is the primary reason auditing and accounting firms need to perform an IS audit. Once assurance is gained that the systems processing the books have integrity and accuracy, an opinion can be provided on the numbers themselves. The other reason...

... passed the CISA exam successfully. John has been a CISA since 1995. He is a former Vice President of the Pittsburgh ISACA chapter. He is also a CISSP. His formal education is in electrical engineering.

Introduction

Information systems auditing is a profession that is both rewarding and challenging. It allows the information systems auditor a unique view of the business processes and the supporting information...
the process
- Validating the plan, its scope, and objectives with the stakeholders
- Identifying the required resources
- Carrying out the planned tasks
- Documenting the steps and results along the way
- Validating or testing the results of the tasks
- Reporting the final results back to the process owner or stakeholders for their final agreement or approval

IS Auditing Standards

The Information...

The Information System Audit Process

... assurance that the control objectives in the scope were achieved. These opinions only hold valid for the time period specified, which is typically over the past fiscal year, and they cannot be directly relied upon to predict the future performance of the company. Again, the scope and objectives of a SAS 70 is a variable negotiated by the party paying for the audit the business...

... accepted standard of certification for an IS auditor is that of CISA, Certified Information System Auditor. Since 1978, this designation means that the auditor is recognized as a certified professional. Earning the CISA designation shows that the auditor takes his profession seriously and is dedicated to establishing his reputation and career as a proficient professional. CISAs are trained in all aspects of IS...

... themselves with a full understanding of the processes used to balance risks and controls in their complex and demanding IT environments. The management of these systems, the risks, and controls related to the implementation of them, in pursuit of the business objectives, can be better understood through the study of this guide as a business systems management leading practice guide. Successful IS managers are...
maximum limitation to the two for one experience year substitution. All related experience submitted as evidence for the certification as an IS auditor must have been gained within the ten years preceding the application for certification or within five years from the date the candidate initially passed the exam. Individuals may choose to take and pass the CISA exam prior to meeting the experience requirements...

... behavior in connection with the CISA exam or the certification process
- Violating the Code of Ethics in any way
- Failing to meet the Continuing Education requirements
- Failing to pay annual CISA maintenance fees

The Approach and Layout of This Book

The approach of this book is a blend of relating experiences and the transference of knowledge: Experiences in passing the CISA exam, years of performing ...

Audit Engagements
SAS 70
The Audit Organization
Audit Planning
Materiality
Irregularities
Scheduling
Self-Assessment Audits
Audit Staffing
Planning the Individual Audit ...

Operational Practices
Evaluating Systems Software
Operating Systems
Database Management Systems
Multi-Tier Client/Server Configuration Implications
Security Packages
Operations ...

(SLAs)
Resources
Sample Questions
Chapter 4 Protection of Information Assets
Security Risks and Review Objectives
The Security Officer’s Role
Privacy Risk
The Security