Information System Auditing Process - Execution
Execution of information system audits.
The Information System Auditing Process - Execution phase is a critical component of the CISA methodology, occurring after audit planning and before reporting. During execution, auditors implement the audit program to gather sufficient, reliable evidence for drawing conclusions about the information system's controls. Auditors begin by conducting entrance meetings with key stakeholders to confirm audit objectives, scope, and timing. They then deploy various evidence collection techniques including documentation review, interviews, observations, walkthroughs, and technical testing. Specifically, auditors examine system documentation, policies, and procedures to understand design controls. They interview personnel to confirm understanding of processes and identify potential issues. Through observation, they witness actual control operation. Walkthroughs allow tracing transactions through entire processes, while technical testing may involve vulnerability assessments, configuration reviews, or code analysis. Throughout execution, auditors document findings in working papers that connect evidence to audit objectives. They identify control weaknesses, compliance gaps, and operational inefficiencies. Evidence must be sufficient (adequate quantity), reliable (trustworthy), relevant (applicable to objectives), and useful (helps achieve audit purpose). As issues emerge, auditors perform root cause analysis to identify underlying problems rather than merely symptoms. They evaluate findings based on risk and materiality - considering impact on confidentiality, integrity, and availability of information assets. Auditors maintain continuous communication with auditees during execution, promptly discussing potential findings to validate accuracy and give management opportunity for clarification. They adjust audit procedures as needed when unexpected issues arise. The execution phase concludes with preliminary findings documentation and preparation for the exit conference, where auditors present initial results before formal reporting. Throughout execution, professional skepticism and objectivity remain essential to effective information systems auditing.
The Information System Auditing Process - Execution phase is a critical component of the CISA methodology, occurring after audit planning and before reporting. During execution, auditors implement th…
Concepts covered: Audit Evidence Collection Techniques, Audit Testing and Sampling Methodology, Reporting and Communication Techniques, Quality Assurance and Improvement of Audit Process, Audit Project Management, Audit Data Analytics
Go Premium
Certified Information Systems Auditor Preparation Package (2025)
- 2105 Superior-grade Certified Information Systems Auditor practice questions.
- Accelerated Mastery: Deep dive into critical topics to fast-track your mastery.
- Unlock Effortless CISA preparation: 5 full exams.
- 100% Satisfaction Guaranteed: Full refund with no questions if unsatisfied.
- Bonus: If you upgrade now you get upgraded access to all courses
- Risk-Free Decision: Start with a 7-day free trial - get premium features at no cost!