CISA Certified Information Systems Auditor – Question1335
John has been hired to fill a new position in one of the well-known financial institute. The position is for IS auditor. He has been assigned to complete IS audit of one of critical financial system. Which of the following should be the first step for John to be perform during IS audit planning? A. Perform risk assessment B. Determine the objective of the audit C. Gain an understanding of the business process D. Assign the personnel resource to audit
Correct Answer: B
Explanation:
Explanation:
Determine the objective of audit should be the first step in the audit planning process. Depending upon the objective of an audit, auditor can gather the information about business process.
For CISA exam you should know the information below:
Steps to perform audit planning
Gain an understanding of the business mission, objectives, purpose and processes which includes information and processing requirement such as availability, integrity, security and business technology and information confidentiality.
Understand changes in the business environment audited.
Review prior work papers
Identify stated contents such as policies, standards and required guidelines, procedure and organization structures.
Perform a risk analysis to help in designing the audit plan.
Set the audit scope and audit objectives.
Develop the audit approach or audit strategy
Assign personnel resources to audit
Address engagement logistics.
The following answers are incorrect:
The other options specified should be completed once we finalize on the objective of audit.
Reference:
CISA review manual 2014 page number 30 (The process of auditing information system)
Please disable your adblocker or whitelist this site!