“Gathering Audit Evidence” section of Ch. 3, “Audit Process,” of CISA®: Certified Information Systems Auditor Study Guide; and Ch. 36, “Preventing and Investigating Information Technology Fraud,” of Auditor’s Guide to IT Auditing.
As part of your internship, you will be asked to collect any IS/IT evidence in an incident. You must exercise due care when gathering evidence. The senior auditor you are working with has asked you several questions related to this process:
- What are the categories of audit standards you will use?
- What will you do when you gather evidence of an incident?
- Why do you need to know the positions and duties of IS/IT employees as well as managers in terms of evidence collection?
- How will you grade evidence?
- Why does the audit process consider fraud?
- What are internal controls?
Prepare a 1- to 2-page memo in Microsoft® Word to the senior auditor you’re working with to briefly answer each question.
Include a definition of what an information technology assurance framework is and how it relates to recognizing and gathering evidence.