IS AUDITING GUIDELINE
AUDIT CHARTER
Introduction
The specialised nature of information
systems (IS) auditing, and the skills
necessary to perform such audits, require
standards that apply specifically to IS
auditing. One of the Information Systems
Audit and Control Association, Inc.’s
(ISACA’s) goals is therefore to advance
globally applicable standards to meet this
need. The development and
dissemination of IS Auditing Standards
are a cornerstone of the ISACA’s
professional contribution to the audit
community.
Objectives
The objectives of the ISACA’s IS
Auditing Standards are to inform
n IS Auditors of the minimum level
of acceptable performance
required to meet the professional
responsibilities set out in the
ISACA Code of Professional
Ethics for IS Auditors
n Management and other interested
parties of the profession’s
expectations concerning the work
of practitioners
The objective of IS Auditing
Guidelines is to provide further
information on how to comply with the
IS Auditing Standards.
Scope and Authority of IS Auditing
Standards
The framework for the ISACA’s IS
Auditing Standards provides for
multiple levels of standards, as
follows:
Standards define mandatory
requirements for IS auditing and
reporting.
Guidelines provide guidance in
applying IS auditing standards. The
IS Auditor should consider them in
determining how to achieve
implementation of the standards, use
professional judgment in their
application and be prepared to justify
any departure.
Procedures provide examples of
procedures an IS Auditor might follow
in an audit engagement. The
procedure documents provide
information on how to meet the
standards when performing IS
auditing work, but do not set
requirements.
The ISACA Code of Professional
Ethics requires members of the ISACA
and holders of the Certified
Information Systems Auditor (CISA)
designation to comply with IS Auditing
Standards as adopted by the ISACA.
Failure to comply wi