IS AUDITING GUIDELINE
AUDIT EVIDENCE REQUIREMENT
Introduction
The specialised nature of information
systems auditing, and the skills
necessary to perform such audits,
require globally applicable standards
that apply specifically to information
systems auditing. One of the
Information Systems Audit and
Control Association, Inc.’s (ISACA’s)
goals is therefore to advance
standards to meet this need. The
development and dissemination of
Standards for Information Systems
Auditing are a cornerstone of the
ISACA’s professional contribution to
the audit community.
Objectives
The objectives of the ISACA’s
Standards for Information Systems
Auditing are to inform
n Information Systems Auditors of
the minimum level of acceptable
performance required to meet the
professional responsibilities set
out in the Code of Professional
Ethics for Information Systems
Auditors
n Management and other interested
parties of the profession’s
expectations concerning the work
of practitioners
The objective of IS Auditing
Guidelines is to provide further
information on how to comply with the
Information Systems Auditing
Standards.
Scope and Authority of
Standards for Information
Systems Auditing
The framework for the ISACA’s
Information Systems Auditing
Standards provides for multiple levels
of standards, as follows:
Standards define mandatory
requirements for IS auditing and
reporting.
Guidelines provide guidance in
applying IS auditing standards.
The IS Auditor should consider
them in determining how to
achieve implementation of the
above standards, use professional
judgment in their application and
be prepared to justify any
departure.
Procedures provide examples
of procedures an IS Auditor might
follow in an audit engagement.
The procedure documents provide
information on how to meet the
standards when doing information
systems auditing work, but do not
set requirements.
The ISACA Code of Professional
Ethics requires members of the
ISACA and holders of the Certified
Information Systems Auditor (CISA)
designation to comply with Informatio