Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
CISA – Certified Information Systems Auditor Study Guide

You're reading from   CISA – Certified Information Systems Auditor Study Guide Ace the CISA exam with practical examples and over 1000 exam-oriented practice questions

Arrow left icon
Product type Paperback
Published in Oct 2024
Publisher Packt
ISBN-13 9781835882863
Length 356 pages
Edition 3rd Edition
Arrow right icon
Author (1):
Arrow left icon
Hemang Doshi Hemang Doshi
Author Profile Icon Hemang Doshi
Hemang Doshi
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Chapter 1: Audit Planning 2. Chapter 2: Audit Execution FREE CHAPTER 3. Chapter 3: IT Governance 4. Chapter 4: IT Management 5. Chapter 5: Information Systems Acquisition and Development 6. Chapter 6: Information Systems Implementation 7. Chapter 7: Information Systems Operations 8. Chapter 8: Business Resilience 9. Chapter 9: Information Asset Security and Control 10. Chapter 10: Network Security and Control 11. Chapter 11: Public Key Cryptography and Other Emerging Technologies 12. Chapter 12: Security Event Management 13. Chapter 13: Accessing the Online Practice Resources 14. Other Books You May Enjoy

Reporting and Communication Techniques

Audit reporting and following up for closure are the last steps of the audit process. The effectiveness of an audit largely depends on how the audit results are communicated and how follow-up is done for the closure of recommendations. Effective verbal and written communication skills are key attributes of a good auditor. A CISA candidate is expected to have a thorough understanding of the elements of an exit interview, audit report objectives, the process and structure, and follow-up activities. These are discussed in the following subsections.

Exit Interview

Auditing is not about finding errors. It is about adding value to the existing processes of an organization. A formal exit interview is essential before the audit report is released as it ensures that facts are not misunderstood or misinterpreted. The following are the objectives of an exit interview:

  • To ensure that the facts are appropriately and correctly presented in the audit report
  • To discuss recommendations with auditee management
  • To discuss an implementation date

Exit meetings help align the audit team and auditee management on the findings that are presented, discussed, and agreed upon.

Audit Reporting

An audit report is a formal document that presents the findings, conclusions, and recommendations resulting from an audit. A CISA candidate should note the following best practices with respect to audit reporting:

  • The IS auditor is ultimately responsible for reporting to senior management and the final audit report should be sent to the audit committee of the board (ACB). If the IS auditor has no access to the top officials and the ACB, it will impact the auditor’s independence.
  • Before the report is placed with the ACB, the IS auditor should meet with auditee management to determine the accuracy of the audit observations and to understand the correction plan.
  • Sometimes, auditee management may not agree with the audit findings and recommendations. In such cases, IS auditors should emphasize the significance of the audit findings and the risk of not taking any corrective action.
  • If there is any control weakness that is not within the scope of the audit, it should be reported to management during the audit process. This should not be overlooked. Generally, accepted audit procedures require audit results to be reported even if the auditee takes corrective action prior to reporting.
  • To support the audit results, the IS auditor should have clear and accurate audit facts.

Audit Report Objectives

An audit report’s primary goal is to communicate the findings of an audit clearly and effectively. The following are the six objectives of audit reporting:

  • The presentation of audit findings/results to all the stakeholders (that is, the auditees).
  • Providing a formal closure for the audit committee.
  • Providing assurance to the organization. The audit report identifies the areas that require corrective action and associated suggestions.
  • Providing a reference for any party researching the auditee or audit topic.
  • Helping in follow-ups of audit findings presented in the audit reports for closure.
  • Promoting audit credibility. This depends on the report being well developed and well written.

Audit Report Structure

An audit report is generally submitted to senior management, and hence, proper structuring of the report is very important. An audit report includes the following content:

  • An introduction to the report, which includes the scope of the audit, the limitations of the audit, a statement of the audit objective, the audit period, and so on
  • Audit findings and recommendations
  • Opinions about the adequacy, effectiveness, and efficiency of the control environment

The next section will take you through a rundown of the main objectives of follow-up activities.

Follow-Up Activities

The main objective of follow-up activities is to validate whether management has implemented the audit recommendations. An IS auditor needs to determine whether management has acted on corrective actions to close the audit findings. It is essential to have a structured process to determine that corrective actions have been implemented. Having a structured process for implementing corrective actions ensures accountability and timely follow-up, helping to address issues effectively and prevent them from recurring.

Follow-up activities should be taken up on the basis of the timeline agreed on by auditee management for the closure of audit findings. The status of compliance should be placed at the appropriate level of management.

Although audit follow-ups are primarily applicable to internal audit functions, external audit firms may be required to do the follow-up if it is included in the letter of engagement.

Key Aspects for the CISA Exam

The following table covers important aspects from the CISA exam perspective:

Questions

Possible Answers

What is the objective of an audit closure meeting?

To ensure that there have been no misunderstandings or misinterpretations of the facts

What is the objective of conducting a follow-up audit?

To validate remediation actions

What is the best way to schedule a follow-up audit?

On the basis of the due date agreed upon by auditee management

Table 2.14: Key aspects for the CISA exam

While reporting and monitoring methods are crucial for tracking performance and detecting potential risks, control self-assessment enables organizations to proactively assess their internal controls; this is discussed in detail next.

You have been reading a chapter from
CISA – Certified Information Systems Auditor Study Guide - Third Edition
Published in: Oct 2024
Publisher: Packt
ISBN-13: 9781835882863
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image