CISA PART-1

The approved audit charter outlines the auditor’s responsibility, authority and accountability.

Inherent risk exists independently of an audit and can occur because of the nature of the business. To successfully conduct an audit, it is important to be aware of the related business processes. To perform the audit, the IS auditor needs to understand the business process, and by understanding the business process, the IS auditor better understands the inherent risk.

A risk-based audit approach focuses on the understanding of the nature of the business and being able to identify and categorize risk. Business risk impacts the long-term viability of a specific business. Thus, an IS auditor using a riskbased audit approach must be able to understand business processes.

The risk level or exposure without taking into account the actions that management has taken or might take is inherent risk.

The appropriate option would be to review the systems software as relevant to the review and recommend a detailed systems software review for which additional resources may be recommended

Short- and long-term issues that drive audit planning can be heavily impacted by changes to the risk environment, technologies and business processes of the enterprise

Facilitated workshops work well within business units.

The first step in audit planning is to gain an understanding of the business’s mission, objectives and purpose, which in turn identifies the relevant policies, standards, guidelines, procedures and organization structure.

ISACA IS Audit and Assurance Standard 1202, Planning, establishes standards and provides guidance on planning an audit. It requires a risk-based approach.

A corrective control helps to correct or minimize the impact of a problem. Backup tapes can be used for restoring the files in case of damage of files, thereby reducing the impact of a disruption.