Alignment Grid in Excel

					                                            Figure 1—IS Audit Process Domain Alignment Grid

          Topic            Hours                       Subtopic                              Course(s) Covering the Subtopic   Hours
                                   Laws and regulations: audit charter
                                   Nature of audit: demand for audits (e.g., agency
                                   theory, insurance hypothesis, information
                                   hypothesis)
                                   Nature of IS audit: need for control and audit of
                                   computer-based information systems
IS Audit Function                  Types of audit and auditors: information systems,
Knowledge                   6      external, internal, government/public sector

                                   IS auditor responsibility, authority and
                                   accountability: audit charter, outsourcing of IS
                                   audit activities
                                   Regulation and control of IS audit: ISACA
                                   standards, guidelines, Code of Professional Ethics;
                                   laws; regulations
                                   Materiality: application of materiality for IS audit
                                   compared to materiality for financial statement
                                   audit
                                   Evidence: types of evidence; meaning of
                                   sufficient, reliable, relevant evidence
Fundamental Auditing               Independence: need for independence in attitude
Concepts                    7      and appearance, situations that may impair
                                   independence
                                   Audit risk: inherent risk, control risk, detection risk

                                   IS and general audit responsibilities for fraud
                                   Assurance
                                   Knowledge of ISACA Code of Professional Ethics

                                   Review of current ISACA IS Auditing Standards and
                                   Guidelines
Standards and Guidelines           Standards and guidelines specific to a
for IS Auditing             5      region/country: ACM, AGA, AICPA, AITP, IFAC, IIA,
                                   ISO, NIA (See Appendix 5, Acronyms, for full
                                   names.)
                                   IS audit practices and techniques
                                  Relevance, structure and indicators of effective IT
                                  governance for organizations and IS auditors; IT
                                  governance structure
                                  Internal control objectives; internal control and
                                  documentation of IS, COCO, COSO, King, Sarbanes-
                                  Oxley Act of 2002, SAS94
                                  Control classifications: preventive, detective,
                                  compensating/corrective
Internal Controls Concepts        General controls: organizational, security, general
and Knowledge                13   operating and disaster recovery, development,
                                  documentation
                                  Application controls: control objectives;
                                  classifications of application controls, e.g.,
                                  computerized/manual, input/processing/output,
                                  preventive/detective/corrective, audit trails

                                  COBIT: Relevance for organizations and IS auditors;
                                  structure of COBIT
                                  Strategic/tactical audit planning
                                  Engagement letter: purpose and content
                                  Risk assessment: risk-based auditing; risk
                                  assessment methods; standards such as AS-NZ
                                  4360, CRAMM
                                  Preliminary evaluation of internal controls:
                                  information gathering and control evaluation
Audit Planning Process       7    techniques
                                  Audit plan, program and scope: compliance vs.
                                  substantive testing, application of risk assessment
                                  to audit plan
                                  Classification, scope of audits: e.g., financial,
                                  operational, general, application, OS, physical,
                                  logical
                                  Resource allocation/prioritization/
                                  planning/execution/reassignments
                                  Evaluating audit quality/peer reviews
                                  Best practice identification
                                  Computer information systems (CIS) audit career
                                  development
Audit Management             5
                                  Career path planning
                                  Performance assessment
                                  Performance counseling and feedback
                                  Training (internal/external)
                                  Professional development (certifications,
                                  professional involvement, etc.)
                                 Evidence: sufficient, reliable, relevant, useful
                                 Evidence-gathering techniques, e.g., observation,
                                 inquiry, interview, testing
                                 Compliance vs. substantive testing: nature of and
                                 difference between compliance and substantive
                                 testing, types of compliance tests, types of
                                 substantive tests
                                 Sampling: sampling concepts, statistical and non-
                                 statistical approaches, design and selection of
                                 samples, evaluation of sample results
Audit Evidence Process      12
                                 Computer-assisted audit techniques (CAATs):
                                 need for, types of, planning for and using CAATs;
                                 continuous online auditing approach
                                 Documentation: relationship with audit evidence;
                                 uses of documentation; minimum content;
                                 custody, retention, retrieval
                                 Analysis: judge the materiality of findings, identify
                                 reportable conditions, reach conclusions

                                 Review: provide reasonable assurance that
                                 objectives have been achieved
                                 Form and content of audit report: purpose,
                                 structure and content, style, intended recipient,
                                 type of opinion, consideration of subsequent
Audit Reporting Follow-up   3    events
                                 Management actions to implement
                                 recommendations
              Total hours   58                                                           Total Hours   0
                                             Figure 2—IT Governance Domain Alignment Grid

           Topic           Hours                          Subtopic                          Course(s) Covering the Subtopic   Hours
                                   IT project management
                                   Risk management: economic, social, cultural,
                                   technology risk management
                                   Software quality control management
                                   Management of IT infrastructure, alternative IT
                                   architectures, configuration
                                   Management of IT delivery (operations) and
IS/IT Management            10     support (maintenance)
                                   Performance measurement and reporting: IT
                                   balanced scorecard
                                   Outsourcing
                                   Quality assurance
                                   Sociotechnical and cultural approach to
                                   management
                                   IS/IT strategic planning: competitive strategies
                                   and business intelligence, link to corporate
                                   strategy
                                   Strategic information systems frameworks and
                                   applications: types of IS, knowledge management,
IS/IT Strategic Planning    8      decision support systems; classification of
                                   information systems
                                   Management of IT human resources, employee
                                   policies, agreements, contracts
                                   Segregation of duties
                                   IS/IT training and education
                                   Legal issues relating to the introduction of IT to the
                                   enterprise (international and country-specific)

                                   Intellectual property issues in cyberspace:
IS/IT Management Issues     9      trademarks, copyrights, patents
                                   Ethical issues
                                   Privacy
                                   IT governance
                                   IS/IT housekeeping
                                   COBIT: management guidelines, a framework for
                                   IS/IT managers
                                   COBIT: audit’s use in support of the business cycle
Support Tools and
Frameworks                  6
                                   International standards and good practices: ISO
                                   17799, ITIL, privacy standards, COSO, COCO,
                                   Cadbury, King
                                    Change control reviews
Techniques                   4      Operational reviews
                                    ISO 9000 reviews
              Total hours    37                                                                                    Total Hours    0

                            Figure 3—Systems and Infrastructure Lifecycle Management Domain Alignment Grid

          Topic             Hours                        Subtopic                          Course(s) Covering the Subtopic       Hours
                                    IS managing components (e.g., data processes,
                                    technologies, organization), understanding
                                    stakeholders and their requirements

                                    IS planning methods: system investigation,
IS Planning                  9      process integration/reengineering opportunities,
                                    risk evaluation, cost-benefit analysis, risk
                                    assessment, object-oriented systems analysis and
                                    design
                                    Enterprise resource planning (ERP) software
                                    enterprise applications integration
                                    Monitoring service-level performance against
                                    service level agreements (SLAs), quality of service,
                                    availability, response time, security and controls,
                                    processing integrity, privacy, remedies, amending
                                    SLAs
                                    Data and information: analyze, evaluate and
                                    design information architecture (i.e., the role of
                                    databases and database management systems,
                                    including knowledge management systems and
                                    data warehouses)
Information Management              Data and application architecture (e.g., IS
and Usage                    16     modeling, business models, processes and
                                    solutions); analysis, evaluations and design of an
                                    enterprise’s business processes and business
                                    models
                                    Information management (data administration,
                                    database functions and administration, database
                                    administrator roles and responsibilities)

                                    Database technology as tools for the auditor
                                    Data structures and basic SQL language
                                 Information systems project management:
                                 planning, organization, human resource
                                 deployment, project control, monitoring,
                                 execution
                                 Traditional methods for the system development
                                 life cycle (SDLC); analysis, evaluation and design of
                                 an enterprise’s SDLC phases and tasks
Development, Acquisition
and Maintenance of               Approaches for system development: software
Information Systems         12   packages, prototyping, business process
                                 reengineering, computer-aided software
                                 engineering (CASE) tools
                                 System maintenance and change control
                                 procedures for system changes
                                 Risk and control issues, analysis and evaluation of
                                 project characteristics and risks
Impact of IT on the              Business process outsourcing (BPO)
Business Processes and      4
Solutions                        Applications of e-business issues and trends
                                 Separation of specification and implementation in
                                 programming
                                 Requirements specification methodology
                                 Algorithm design, sorting and searching algorithms
Software Development        11
                                 File handling
                                 Linked lists and binary trees
                                 Database creation and manipulation
                                 Principles of good screen and report design
                                 Program language alignment
                                 Input/origination controls
                                 Processing control procedures
Audit and Development of
Application Controls        19   Output controls
                                 Application system documentation
                                 Audit trails
              Total hours   71                                                           Total Hours   0
                                   Figure 4—IT Service Delivery and Support Domain Alignment Grid

          Topic            Hours                         Subtopic                        Course(s) Covering the Subtopic   Hours
                                   IT architecture/standards
                                   Hardware: all IT equipment, including mainframe,
                                   minicomputers, client-servers, routers, switches,
                                   communications, PCs, etc.
                                   Software: operating systems, utility software,
                                   database systems, etc.
                                   Network: communications equipment and
                                   services rendered to provide networks, network-
                                   related hardware, network-related software; use
                                   of service providers that provide communication
                                   services, etc.
                                   Baseline controls
                                   Security/testing and validation
Technical Infrastructure    25     Performance monitoring and evaluation tools
                                   IT governance: maintaining and making it work for
                                   IT
                                   IT control monitoring and evaluation tools, such as
                                   access control systems monitoring or intrusion
                                   detection systems monitoring
                                   Managing information resources and information
                                   infrastructure: enterprise management software

                                   Service center management and operations
                                   standards/guidelines: COBIT, ITIL, ISO 17799
                                   Issues and considerations of service center vs.
                                   proprietary technical infrastructures
                                   Open systems
                                       Service center management and operations
                                       standards/guidelines: COBIT, ITIL, ISO 17799
                                       Change management/implementation of new and
                                       changed systems: organization of the tools used to
                                       control the introduction of new and changed
                                       products into the service center environment

                                       Security management
                                       Resource/configuration management: compliance
                                       with organization/IT operating standards, policies
                                       and procedures (e.g., proper use of computer
                                       languages)
                                       Problem and incident management
                                       Capacity planning and prognosis
Service Center                         Management of the distribution of automated
Management                      12     systems
                                       Administration of release and versions of
                                       automated systems
                                       Management of suppliers
                                       Customer liaison
                                       Service level management
                                       Contingency/backup and recovery management

                                       Call center management
                                       Management of operations of the infrastructure
                                       (central and distributed)
                                       Network management
                                       Risk management
                                       Key management principles
                 Total hours    37                                                                                  Total Hours    0

                                       Figure 5—Protection of Information Assets Domain Alignment Grid

          Topic                Hours                         Subtopic                       Course(s) Covering the Subtopic       Hours
                                       Information technology and security basics,
                                       concept of IT security, need for securing IT
Information Assets                     resources, policy framework on IT assets security,
Security Management             10     management of IT security, training
                                       Standards, compliance and assurance on IT
                                       security
                                        Components of logical IT security, logical access
                                        control issues and exposures, access control
                                        software
Logical IT Security            7        Logical security risks, controls and audit
                                        considerations (audit of logical access, security
                                        testing)
                                        Logical security features, tools, procedures
                                        Communications and network security: principles
                                        of network security, client-server, Internet and
                                        web-based services, firewall security systems and
                                        other connectivity protection resources (e.g.,
                                        cryptography, digital signatures, key management
Applied IT Security:                    policies), intrusion detection systems, COBIT,
High-technology Resources      9        system reviews
                                        Mainframe security facilities
                                        Basic database application and system security

                                        Security in the system development and
                                        maintenance processes
Physical and                            Environmental issues and exposures: concepts of
Environmental Security         3        physical IT security
                                        Physical access exposures and controls
                Total hours    29                                                                                     Total Hours     0

                                    Figure 6—Disaster Recovery and Business Continuity Domain Alignment Grid

            Topic             Hours                         Subtopic                         Course(s) Covering the Subtopic         Hours
                                        Management support and commitment to the
                                        process
                                        Plan preparation and documentation
                                        Management approval and distribution of the plan
Protection of the IT
Architecture and Assets:                Testing, maintenance and revision of the plan;
Disaster Recovery Planning     10       training
                                        Audit’s role
                                        Backup provisions
                                        Business continuity planning
                                        Business impact analysis
                                        Description of insurance
                                        Items that can be insured
Insurance                      2        Types of insurance coverage
                                        Valuation of assets: equipment, people,
                                        information process, technology
                Total Hours    12                                                                                     Total Hours     0

               Grand Total    244                                                                      Total Hours for Figures 1-6    0
The course columns, headed "(Course number and name)", are blank; each course column totals 0.

                                                                            Model Curriculum  New Mapped  Hours Over/Under  Previous Mapping Hours  Change in
Topic                                                                       Hours             Hours       Model Curriculum  (Completed by ISACA)    Mapped Hours

Figure 1—IS Audit Process
IS Audit Function Knowledge                                                 6.0               0.0         (6.0)                                     0.0
Fundamental Auditing Concepts                                               7.0               0.0         (7.0)                                     0.0
Standards and Guidelines for IS Auditing                                    5.0               0.0         (5.0)                                     0.0
Internal Controls Concepts and Knowledge                                    13.0              0.0         (13.0)                                    0.0
Audit Planning Process                                                      7.0               0.0         (7.0)                                     0.0
Audit Management                                                            5.0               0.0         (5.0)                                     0.0
Audit Evidence Process                                                      12.0              0.0         (12.0)                                    0.0
Audit Reporting Follow-up                                                   3.0               0.0         (3.0)                                     0.0
Total                                                                       58.0              0.0         (58.0)            0.0                     0.0

Figure 2—IT Governance
IS/IT Management                                                            10.0              0.0         (10.0)                                    0.0
IS/IT Strategic Planning                                                    8.0               0.0         (8.0)                                     0.0
IS/IT Management Issues                                                     9.0               0.0         (9.0)                                     0.0
Support Tools and Frameworks                                                6.0               0.0         (6.0)                                     0.0
Techniques                                                                  4.0               0.0         (4.0)                                     0.0
Total                                                                       37.0              0.0         (37.0)            0.0                     0.0

Figure 3—Systems and Infrastructure Lifecycle Management
IS Planning                                                                 9.0               0.0         (9.0)                                     0.0
Information Management and Usage                                            16.0              0.0         (16.0)                                    0.0
Development, Acquisition and Maintenance of Information Systems             12.0              0.0         (12.0)                                    0.0
Impact of IT on the Business Processes and Solutions                        4.0               0.0         (4.0)                                     0.0
Software Development                                                        11.0              0.0         (11.0)                                    0.0
Audit and Development of Application Controls                               19.0              0.0         (19.0)                                    0.0
Total                                                                       71.0              0.0         (71.0)            0.0                     0.0

Figure 4—IT Service Delivery and Support
Technical Infrastructure                                                    25.0              0.0         (25.0)                                    0.0
Service Center Management                                                   12.0              0.0         (12.0)                                    0.0
Total                                                                       37.0              0.0         (37.0)            0.0                     0.0

Figure 5—Protection of Information Assets
Information Assets Security Management                                      10.0              0.0         (10.0)                                    0.0
Logical IT Security                                                         7.0               0.0         (7.0)                                     0.0
Applied IT Security: High-technology Resources                              9.0               0.0         (9.0)                                     0.0
Physical and Environmental Security                                         3.0               0.0         (3.0)                                     0.0
Total                                                                       29.0              0.0         (29.0)            0.0                     0.0

Figure 6—Disaster Recovery and Business Continuity
Protection of the IT Architecture and Assets: Disaster Recovery Planning    10.0              0.0         (10.0)                                    0.0
Insurance                                                                   2.0               0.0         (2.0)                                     0.0
Total                                                                       12.0              0.0         (12.0)            0.0                     0.0

Totals                                                                      244.0             0.0         (244.0)           0.0                     0.0

                                            Figure 1—IS Audit Process Domain Alignment Grid

          Topic            Hours                       Subtopic                             Course(s) Covering the Subtopic        Hours
                                   Laws and regulations: audit charter                 Acct 460 Accounting Information Systems       1

                                   Nature of audit: demand for audits (e.g., agency    Acct 451 Auditing I                          5
                                   theory, insurance hypothesis, information
                                   hypothesis)
                                   Nature of IS audit: need for control and audit of   Acct 456 Information Systems Auditing and    1
                                   computer-based information systems                  Control
IS Audit Function                  Types of audit and auditors: information systems,
Knowledge                   6      external, internal, government/public sector

                                   IS auditor responsibility, authority and
                                   accountability: audit charter, outsourcing of IS
                                   audit activities
                                   Regulation and control of IS audit: ISACA
                                   standards, guidelines, Code of Professional Ethics;
                                   laws; regulations
                                   Materiality: application of materiality for IS audit Acct 460 Accounting Information Systems     9
                                   compared to materiality for financial statement
                                   audit
                                   Evidence: types of evidence; meaning of                 Acct 451 Auditing I                      1
                                   sufficient, reliable, relevant evidence
Fundamental Auditing        7      Independence: need for independence in attitude
Concepts                           and appearance, situations that may impair
                                   independence
                                   Audit risk: inherent risk, control risk, detection risk

                                   IS and general audit responsibilities for fraud
                                   Assurance
                                   Knowledge of ISACA Code of Professional Ethics      Acct 460 Accounting Information Systems      1

                                   Review of current ISACA IS Auditing Standards and Acct 451 Auditing I                            1
                                   Guidelines
Standards and Guidelines    5      Standards and guidelines specific to a            Acct 456 Information Systems Auditing and      2
for IS Auditing                    region/country: ACM, AGA, AICPA, AITP, IFAC, IIA, Control
                                   ISO, NIA (See Appendix 5, Acronyms, for full
                                   names.)
                                   IS audit practices and techniques
                                  Relevance, structure and indicators of effective IT Acct 460 Accounting Information Systems     6
                                  governance for organizations and IS auditors; IT
                                  governance structure
                                  Internal control objectives; internal control and   Acct 451 Auditing I                         2
                                  documentation of IS, COCO, COSO, King, Sarbanes-
                                  Oxley Act of 2002, SAS94
                                  Control classifications: preventive, detective,     MIS 471 Systems Analysis and Design         6
                                  compensating/corrective
Internal Controls Concepts   13   General controls: organizational, security, general
and Knowledge                     operating and disaster recovery, development,
                                  documentation
                                  Application controls: control objectives;
                                  classifications of application controls, e.g.,
                                  computerized/manual, input/processing/output,
                                  preventive/detective/corrective, audit trails

                                  COBIT: Relevance for organizations and IS auditors;
                                  structure of COBIT
                                  Strategic/tactical audit planning                   Acct 451 Auditing I                         7
                                  Engagement letter: purpose and content              Acct 456 Information Systems Auditing and   1
                                                                                      Control
                                  Risk assessment: risk-based auditing; risk
                                  assessment methods; standards such as AS-NZ
                                  4360, CRAMM
                                  Preliminary evaluation of internal controls:
Audit Planning Process       7    information gathering and control evaluation
                                  techniques
                                  Audit plan, program and scope: compliance vs.
                                  substantive testing, application of risk assessment
                                  to audit plan
                                  Classification, scope of audits: e.g., financial,
                                  operational, general, application, OS, physical,
                                  logical
                                  Resource allocation/prioritization/                 Acct 451 Auditing I                         1
                                  planning/execution/reassignments
                                  Evaluating audit quality/peer reviews
                                  Best practice identification
                                  Computer information systems (CIS) audit career
                                  development
Audit Management             5    Career path planning
                                  Performance assessment
                                  Performance counseling and feedback
                                  Training (internal/external)
                                  Professional development (certifications,
                                  professional involvement, etc.)
                                 Evidence: sufficient, reliable, relevant, useful        Acct 460 Accounting Information Systems    3

                                 Evidence-gathering techniques, e.g., observation, Acct 451 Auditing I                              10
                                 inquiry, interview, testing
                                 Compliance vs. substantive testing: nature of and
                                 difference between compliance and substantive
                                 testing, types of compliance tests, types of
                                 substantive tests
                                 Sampling: sampling concepts, statistical and non-
                                 statistical approaches, design and selection of
                                 samples, evaluation of sample results
Audit Evidence Process      12   Computer-assisted audit techniques (CAATs):
                                 need for, types of, planning for and using CAATs;
                                 continuous online auditing approach
                                 Documentation: relationship with audit evidence;
                                 uses of documentation; minimum content;
                                 custody, retention, retrieval
                                 Analysis: judge the materiality of findings, identify
                                 reportable conditions, reach conclusions

                                 Review: provide reasonable assurance that
                                 objectives have been achieved
                                 Form and content of audit report: purpose,              Acct 451 Auditing I                        4
                                 structure and content, style, intended recipient,
                                 type of opinion, consideration of subsequent
Audit Reporting Follow-up   3    events
                                 Management actions to implement
                                 recommendations
              Total hours   58                                                                                        Total Hours   61
                                            Figure 2—IT Governance Domain Alignment Grid

           Topic           Hours                      Subtopic                              Course(s) Covering the Subtopic    Hours
                                   IT project management                               MIS 421 Business Data Communication       1
                                                                                       and Distributed Processing

                                   Risk management: economic, social, cultural,        MIS 471 Systems Analysis and Design      9
                                   technology risk management
                                   Software quality control management                 Acct 456 Inform. Systems Auditing and    1
                                                                                       Control
                                   Management of IT infrastructure, alternative IT
IS/IT Management            10     architectures, configuration
                                   Management of IT delivery (operations) and
                                   support (maintenance)
                                   Performance measurement and reporting: IT
                                   balanced scorecard
                                   Outsourcing
                                   Quality assurance
                                   Sociotechnical and cultural approach to
                                   management
                                   IS/IT strategic planning: competitive strategies    MIS 200 Intro. To Managmnt Inform.       1
                                   and business intelligence, link to corporate        Systems
                                   strategy
                                   Strategic information systems frameworks and        Acct 460 Accounting Inform. Systems      1
                                   applications: types of IS, knowledge management,
                                   decision support systems; classification of
IS/IT Strategic Planning    8      information systems
                                   Management of IT human resources, employee          MIS 421 Business Data Communication      2
                                   policies, agreements, contracts                     and Distributed Processing

                                   Segregation of duties                               Acct 456 Inform. Systems Auditing and    2
                                                                                       Control
                                   IS/IT training and education
                                   Legal issues relating to the introduction of IT to the MIS 200 Intro. To Managmnt Inform.    1
                                   enterprise (international and country-specific)        Systems

                                   Intellectual property issues in cyberspace:         Acct 460 Accounting Inform. Systems      1
                                   trademarks, copyrights, patents
IS/IT Management Issues     9      Ethical issues                                      MIS 471 Systems Analysis and Design      6
                                   Privacy                                             Acct 456 Inform. Systems Auditing and    1
                                                                                       Control
                                   IT governance
                                   IS/IT housekeeping
                                   COBIT: management guidelines, a framework for Acct 460 Accounting Inform. Systems            1
                                   IS/IT managers
Support Tools and           6      COBIT: audit’s use in support of the business cycle Acct 456 Inform. Systems Auditing and    1
Frameworks                                                                             Control
                                   International standards and good practices: ISO
                                   17799, ITIL, privacy standards, COSO, COCO,
                                   Cadbury, King
                                Change control reviews   Acct 456 Inform. Systems Auditing and        3
                                                         Control
Techniques                 4    Operational reviews
                                ISO 9000 reviews
             Total hours   37                                                          Total Hours    31



             Grand Total   95                                           Total Hours for Figures 1-2   92
(Course number and name)
460 Accounting Information Systems
451 Auditing I
456 Information Systems Auditing and Control
471 Systems Analysis and Design
421 Business Data Comm. & Distributed Processing
200 Intro. To Management Inform. Systems

                                                                                     Model               New  Hours Over/Under  Previous Mapping         Change in
                                                                                curriculum            Mapped             Model  Hours (Completed            Mapped
Topic                                       460  451  456  471  421  200             Hours             Hours        Curriculum         by ISACA)             Hours

Figure 1 - IS Audit Process
IS Audit Function Knowledge                   1    5    1                              6.0               7.0               1.0               7.0               0.0
Fundamental Auditing Concepts                 9    1                                   7.0              10.0               3.0              10.0               0.0
Standards and Guidelines for IS Auditing      1    1    2                              5.0               4.0             (1.0)               4.0               0.0
Internal Controls Concepts and Knowledge      6    2         6                        13.0              14.0               1.0              14.0               0.0
Audit Planning Process                             7    1                              7.0               8.0               1.0               8.0               0.0
Audit Management                                   1                                   5.0               1.0             (4.0)               3.0              -2.0
Audit Evidence Process                        3   10                                  12.0              13.0               1.0              13.0               0.0
Audit Reporting Follow-up                          4                                   3.0               4.0               1.0               4.0               0.0
Total                                                                                 58.0              61.0               3.0              63.0              -2.0

Figure 2-IT Governance
IS/IT Management                                        1    9    1                   10.0              11.0               1.0              11.0               0.0
IS/IT Strategic Planning                      1         2         2    1               8.0               6.0             (2.0)               6.0               0.0
IS/IT Management Issues                       1         1    6         1               9.0               9.0               0.0               9.0               0.0
Support Tools and Frameworks                  1         1                              6.0               2.0             (4.0)               2.0               0.0
Techniques                                              3                              4.0               3.0             (1.0)               4.0              -1.0
Total                                                                                 37.0              31.0             (6.0)              32.0              -1.0

Totals                                       23   31   12   21    3    2              95.0              92.0             (3.0)              95.0              -3.0

				