Documente Academic
Documente Profesional
Documente Cultură
Audit Standards
AICPA Statements of Auditing Standards (SASs) ISACAIS Audit Standards, Guidelines, and Procedures AICPA Statement on Standards for Attestation Engagements (SSAE) IFAC International Auditing Standards ISACA CobiT
Planning
Scope and control objectives Materiality Outsourcing Gain an understanding of the client and clients industry, business risks
Risk Assessment
Shift is to risk-based audit approach What can go wrong High risk areas require more audit effort Materiality important
Includes:
Scope Audit objectives Audit procedures Administrative details such as planning and reporting
Generic audit programs are customized for the client and clients technology
Gathering Evidence
Evidence includes:
Observations Documentary evidence Flowcharts, narratives, written policies CAATs procedures
Sampling
Attribute sampling used by IT auditors
Forming Conclusions
Attestation
Standard is SSAE 10 Includes:
Data analytic reviews Commission agreement reviews Webtrust engagements Systrust engagements Financial projections Compliance reviews
SAS 70 Audit
Applicable to any service organization that wishes to assure its clients of the existence and effectiveness of internal controls relative to the service provided Two types of SAS 70 audits
Type I Type II
SAS 94