Rating: 4 out of 5 stars
4/5
Ebook67 pages30 minutes
Information Systems Auditing: The IS Audit Testing Process: Information Systems Auditing, #3
Rating: 1 out of 5 stars
1/5
()
About this ebook
IS audit area testing mastery reflects professional experience and training. Regarding subject mastery, this booklet presents methods and techniques available for testing computer programs, files, and information systems; which can be translated, if practiced, into professional experience. Chronologically, this monograph describes required audit steps performed during an audit area assignment.
Author
Robert E. Davis
Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. In addition, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association's rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls. Since starting his career as an information systems (IS) auditor, Dr. Davis has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company and Fidelity/First Fidelity (Wells Fargo) corporations as well as other organizations; in staff through management positions. Prior to engaging in the practice of IS auditing and information security consulting; Dr. Davis (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material. Dr. Davis has authored articles addressing IT issues for ITAudit magazine, ISACA Journal, and IT Governance, LTD as well as peer reviewed Carnegie Mellon University's technical report "Comparing eSCM-SP v2 and COBIT" and five chapters of Bloomsbury Publishing's "Effective Auditing for Corporates". In regards to training individuals in the information systems audit process, he has provided instruction to the Data Processing Management Association, ISACA-Philadelphia Chapter CISA Review Course participants, 3rd Annual Securasia Congress delegates, the Delaware Valley Chapter of the Information Systems Security Association and an Internet CISA study group. Additionally, Dr. Davis has presented webinars for Compliance4all, Compliance IQ, Compliance Online, and...
Related to Information Systems Auditing
Titles in the series (5)
Information Systems Auditing: The IS Audit Planning Process: Information Systems Auditing, #1 Information Systems Auditing: The IS Audit Testing Process: Information Systems Auditing, #3 Rating: 1 out of 5 stars1/5Information Systems Auditing: The IS Audit Reporting Process: Information Systems Auditing, #4 Rating: 5 out of 5 stars5/5Information Systems Auditing: The IS Audit Follow-up Process Rating: 2 out of 5 stars2/5
Related ebooks
Information Systems Auditing: The IS Audit Planning Process: Information Systems Auditing, #1 Rating: 4 out of 5 stars4/5Information Systems Auditing: The IS Audit Reporting Process: Information Systems Auditing, #4 Rating: 5 out of 5 stars5/5Auditing Information Systems: Enhancing Performance of the Enterprise Rating: 0 out of 5 stars0 ratingsIS Auditor - Process of Auditing: Information Systems Auditor, #1 Rating: 0 out of 5 stars0 ratingsInformation Systems Auditing: The IS Audit Follow-up Process Rating: 2 out of 5 stars2/5IT Risk Management Process A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsIT Audit A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsIT Security Audit A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsIT Audit, Control, and Security Rating: 0 out of 5 stars0 ratingsAuditing Information Systems and Controls: The Only Thing Worse Than No Control Is the Illusion of Control Rating: 0 out of 5 stars0 ratingsCISA Exam-Testing Concept-Knowledge of Risk Assessment Rating: 3 out of 5 stars3/5Internal Auditor A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsFundamentals of Information Security Risk Management Auditing: An introduction for managers and auditors Rating: 5 out of 5 stars5/5Audit Committee Essentials Rating: 0 out of 5 stars0 ratingsMastering Internal Audit Fundamentals A Step-by-Step Approach Rating: 4 out of 5 stars4/5CISA EXAM-Testing Concept-Digital Signature Rating: 3 out of 5 stars3/5IT Audit A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsCOSO A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsGRC, The Backbone of Enterprise Management Rating: 0 out of 5 stars0 ratingsSarbanes Oxley Internal Controls A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsSWANSON on Internal Auditing: Raising the Bar Rating: 5 out of 5 stars5/5Risk Assessment for Asset Owners Rating: 4 out of 5 stars4/5The Complete Guide To Sarbanes-Oxley: Understanding How Sarbanes-Oxley Affects Your Business Rating: 0 out of 5 stars0 ratingsThe Executive’S Guide to Internal Auditing Rating: 0 out of 5 stars0 ratingsHardening by Auditing: A Handbook for Measurably and Immediately Iimrpving the Security Management of Any Organization Rating: 0 out of 5 stars0 ratingsISO/IEC 27701:2019: An introduction to privacy information management Rating: 4 out of 5 stars4/5Auditor's Guide to IT Auditing Rating: 5 out of 5 stars5/5The Internal Auditor Rating: 0 out of 5 stars0 ratings
Certification Guides For You
Coding For Dummies Rating: 5 out of 5 stars5/5CompTIA Security+ Study Guide with over 500 Practice Test Questions: Exam SY0-701 Rating: 0 out of 5 stars0 ratingsCompTIA Security+ SY0-701 Certification Guide: Master cybersecurity fundamentals and pass the SY0-701 exam on your first attempt Rating: 0 out of 5 stars0 ratingsCompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Rating: 5 out of 5 stars5/5CompTIA Security+ Certification Practice Exams, Fourth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsCoding All-in-One For Dummies Rating: 4 out of 5 stars4/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5CompTIA A+ Complete Study Guide: Exam Core 1 220-1001 and Exam Core 2 220-1002 Rating: 4 out of 5 stars4/5CompTIA Data+ Study Guide: Exam DA0-001 Rating: 0 out of 5 stars0 ratingsCompTIA A+ Complete Review Guide: Core 1 Exam 220-1101 and Core 2 Exam 220-1102 Rating: 5 out of 5 stars5/5PHR and SPHR Professional in Human Resources Certification Complete Study Guide: 2018 Exams Rating: 0 out of 5 stars0 ratingsCISM Certified Information Security Manager Study Guide Rating: 0 out of 5 stars0 ratingsCompTIA A+ Certification All-in-One For Dummies Rating: 3 out of 5 stars3/5PHR and SPHR Professional in Human Resources Certification Complete Practice Tests: 2018 Exams Rating: 4 out of 5 stars4/5CompTIA CySA+ Study Guide: Exam CS0-003 Rating: 2 out of 5 stars2/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsUnderstanding Cisco Networking Technologies, Volume 1: Exam 200-301 Rating: 0 out of 5 stars0 ratingsMicrosoft Office 365 for Business Rating: 4 out of 5 stars4/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsConcise and Simple Guide to IP Subnets Rating: 5 out of 5 stars5/5AI-900: Microsoft Azure AI Fundamentals Practice Questions Rating: 0 out of 5 stars0 ratingsCompTIA A+ CertMike: Prepare. Practice. Pass the Test! Get Certified!: Core 1 Exam 220-1101 Rating: 0 out of 5 stars0 ratingsHow to Get Started as a Technical Writer Rating: 4 out of 5 stars4/5IAPP CIPM Certified Information Privacy Manager Study Guide Rating: 0 out of 5 stars0 ratingsCEH: Certified Ethical Hacker v11 : Exam Cram Notes - First Edition - 2021 Rating: 0 out of 5 stars0 ratingsCompTIA PenTest+ Study Guide: Exam PT0-002 Rating: 0 out of 5 stars0 ratings
Related podcast episodes
The Foolproof Way To Pass The CIPPE Exam In 2 Weeks 0% found this document useful3 Must Have Skills To Land Your First Privacy Job 0% found this document usefulCybersecurity Trends and Practices 0% found this document useful062: The Difference Between a Safety Inspection and Safety Audit: 3 Criteria Needed for Both 0% found this document useful049: 8 Tips for Selecting Key Safety Performance Indicators: Important Key Performance Indicators for Safety 0% found this document usefulPMP BUSINESS (Task 1) COMPLIANCE ??Day #32 0% found this document useful083: SMS Pt 4 - What Does ISO 45001 Require?: Safety Management System overview 0% found this document usefulEnterprise Solution Delivery . Why Enterprise Solution Delivery? 0% found this document useful
Related articles
Vulnerability Assessments PC Pro MagazineUNLIMITED
Vulnerability Assessments
Jan 7, 2021
3 min readManaging the Risks of Digital Lending Business TodayUNLIMITED
Managing the Risks of Digital Lending
Feb 18, 2022
TECHNOLOGY HAS BEEN the crux of the Indian banking system and the advent of Covid-19 has fuelled the shift of business models from ‘physical’ to ‘digital’. The journey of innovation, which started with internet banking and digital means of payments,
6 min read“DORA Is A Force For Good And Will Help Businesses To Make Better Decisions, Faster” PC Pro MagazineUNLIMITED
“DORA Is A Force For Good And Will Help Businesses To Make Better Decisions, Faster”
Apr 10, 2022
6 min readData Compliance Checklist MarketingUNLIMITED
Data Compliance Checklist
May 15, 2019
People had a lot to say about Google’s January AU$80 million fine for breaching the General Data Protection Regulation (GDPR) – and rightly so. It was the first time a tech giant suffered a financial penalty under the GDPR. The fine served as a signa
3 min readWhy Is Data Protection Important To Small Businesses Parents in BizUNLIMITED
Why Is Data Protection Important To Small Businesses
Jan 24, 2022
3 min readCyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL Inc.UNLIMITED
Cyber Security IS A SHARED RESPONSIBILITY AT THE C-LEVEL
Sep 21, 2016
Data breaches can have far-reaching repercussions; protecting against them is a companywide mandate
2 min readThe Future Of Accounting: Co-habitation With Bots Finweek - EnglishUNLIMITED
The Future Of Accounting: Co-habitation With Bots
Sep 10, 2021
“humans need not apply.” Imagine reading those words on a job-seeker website portal. The smart technology era introduced us to computer systems that can be programmed to do the tasks that most human workers do daily. Computers can see (computer visio
4 min readThe Role Of AI In Cybersecurity NZBusiness and ManagementUNLIMITED
The Role Of AI In Cybersecurity
Apr 18, 2023
4 min read4 Ways to Protect Your Business Against Employee Fraud and Theft EntrepreneurUNLIMITED
4 Ways to Protect Your Business Against Employee Fraud and Theft
May 1, 2015
3 min readHow Operation Managers Can Convince Executives To Solve Problems They Can’t See Facility ManagementUNLIMITED
How Operation Managers Can Convince Executives To Solve Problems They Can’t See
Aug 29, 2019
2 min readKnow Before Your Inspection Cannabis & Tech TodayUNLIMITED
Know Before Your Inspection
Jun 22, 2020
2 min readConquering Compliance Issues Shop TalkUNLIMITED
Conquering Compliance Issues
Jun 1, 2022
3 min readHow Mature Is Your Organisation With Regards To Digital And Web Analytics? NZ MarketingUNLIMITED
How Mature Is Your Organisation With Regards To Digital And Web Analytics?
Jun 9, 2021
1 min readHow To Earn Cyber Essentials Certification PC Pro MagazineUNLIMITED
How To Earn Cyber Essentials Certification
May 9, 2024
8 min readSTRATEGIC EXCELLENCE: Steps to Maximise ROI in GEN AI Implementations The European Business ReviewUNLIMITED
STRATEGIC EXCELLENCE: Steps to Maximise ROI in GEN AI Implementations
May 28, 2024
4 min readBACK TO THE FUTURE: The Return and Rise of E-Surveillance at Work The European Business ReviewUNLIMITED
BACK TO THE FUTURE: The Return and Rise of E-Surveillance at Work
Feb 1, 2023
7 min readJobs Of The Future True LoveUNLIMITED
Jobs Of The Future
Jan 26, 2023
5 min readBe Prepared Australasian Transport News (ATN)UNLIMITED
Be Prepared
Aug 19, 2019
3 min readHow Do You Know You Are Okay? NZBusiness and ManagementUNLIMITED
How Do You Know You Are Okay?
May 27, 2019
2 min readAre You Making the Most of Your Data? Rotman ManagementUNLIMITED
Are You Making the Most of Your Data?
Jan 1, 2023
8 min readIso 41000 – Game-changer Or White Elephant? Facility ManagementUNLIMITED
Iso 41000 – Game-changer Or White Elephant?
Aug 23, 2018
4 min readIndustry Assurance Schemes Australasian Transport News (ATN)UNLIMITED
Industry Assurance Schemes
Dec 16, 2019
4 min readCultivating Executive Trust In The Age Of AI Governance The European Business ReviewUNLIMITED
Cultivating Executive Trust In The Age Of AI Governance
Mar 27, 2024
8 min readReview of Cybersecurity Certification TechfastlyUNLIMITED
Review of Cybersecurity Certification
Feb 4, 2021
4 min readThe Current Frontier In Undustrial Manufacturing: BRINGING SOFTWARE SYSTEMS TO MARKET The European Business ReviewUNLIMITED
The Current Frontier In Undustrial Manufacturing: BRINGING SOFTWARE SYSTEMS TO MARKET
Jan 31, 2020
6 min readUnderstanding Your Technological Risks NZBusiness and ManagementUNLIMITED
Understanding Your Technological Risks
Jul 21, 2021
2 min readA Commitment To Best Practice Farmer's WeeklyUNLIMITED
A Commitment To Best Practice
Feb 10, 2020
Few retailers or brand owners will consider doing business with a supplier that does not have certification to a global standard. Certification helps a business improve its product, management systems, quality control and overall competitiveness. The
2 min readWeb App Security Linux FormatUNLIMITED
Web App Security
Jun 29, 2021
8 min readSix Business Processes You Need To Rethink For The Agile Age The European Business ReviewUNLIMITED
Six Business Processes You Need To Rethink For The Agile Age
May 25, 2021
4 min readA Fraction Too Much Friction? Facility ManagementUNLIMITED
A Fraction Too Much Friction?
Sep 2, 2020
3 min read
Reviews for Information Systems Auditing
Rating: 1 out of 5 stars
1/5
1 rating0 reviews
Book preview
Information Systems Auditing - Robert E. Davis
Information Systems Auditing
The IS Audit Testing Process
Random Number Table
tmp_bba9586888d5c24e84b6c20dd77b37ff_lRrVq__html_7ea8cba0.jpgRobert E. Davis, MBA, CISA, CICA
Published by Robert E. Davis at Smashwords
Copyright 2009 Robert E. Davis, MBA, CISA, CICA. All rights reserved.
Smashwords Edition, License Notes
This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to Smashwords.com and purchase your own copy. Thank you for respecting the hard work of this author.
Preface
The global Information Technology (IT) community considers becoming a Certified Information Systems Auditor (CISA) a major accomplishment. To obtain the CISA designation information systems auditors, controls, or security professionals must pass a rigorous test demonstrating knowledge in a multitude of information systems audit process areas. Information Systems Audit and Control Association (ISACA) standards and guidelines, audit risk, and audit fieldwork are just a few knowledge requirements CISA candidates must master.
Objectives
Information Systems Auditing: The IS Audit Testing Process is part of an electronic booklets series providing comprehensive IS audit planning, study, evaluation, and testing methods. Systemically, the series covers major steps in the IS audit processes not chronicled in ISACA standards and guidelines. In terms of content, these monographs convert selected audit standards into practical applications using detailed examples. These monographs also allow auditors to understand various steps and processes required to adequately initiate, document, and compile IT audit phases. Through these study assistants, a CISA student will acquire an appreciation for IT financial statement, government, and external auditing. Collectively, these monographs function as study guides for CISA examination preparation as well as audit reference manuals.
IS audit area testing mastery reflects professional experience and training. Regarding subject mastery, this booklet presents methods and techniques available for testing computer programs, files, and information systems; which can be translated, if practiced, into professional experience. Chronologically, this monograph describes required audit steps performed during an audit area assignment. Specifically, statistical and non-statistical testing is described from an ISA’s perspective, while simultaneously presenting other equivalent audit standards and guidelines. Furthermore, audit risk reassessment is discussed at this monograph’s conclusion.
Related Material
To enhance certification candidate preparation, Boson Software offers practice tests traversing the ISACA CISA examination domains. These practice tests are excellent knowledge diagnostic and test simulation tools, furnishing a variety of question formats for the purchaser. Lastly, the practice tests are customizable, therefore, allowing selected CISA domain study.
Table of Contents
Introduction
1.0 Testing Objectives
1.1 Testing Materiality
1.2 Testing Design
2.0 Testing Methodologies
2.1 Statistical Testing Methodologies
2.2 Non-Statistical Testing Methodologies
3.0 Sampling Size Selection
4.0 Sampling Methodologies
5.0 Conducting Tests
5.1 CAAT Testing
6.0 Testing Evaluation
7.0 Test Documentation
8.0 Assessing Risk
Appendix A
Appendix B
Appendix C
Acronyms
Glossary
Bibliography
Biography
Introduction¹
IS audit testing completes what is commonly called audit fieldwork. Logically, after completing the IS audit study and evaluation of controls process, auditors are prepared to perform selected statistical and/or non-statistical testing of transactions/events/cycles (Table 1.1). Testing an audit area, statistically and/or non-statistically, is the culmination of an ISA’s desired Audit Assurance
Enjoying the preview?
Page 1 of 1