IS AUDITING GUIDELINE
APPLICATION SYSTEMS REVIEW
Document # 060.020.020
Introduction
The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that
apply specifically to IS auditing. One goal of the Information Systems Audit and Control Association, Inc. (ISACA) is therefore to
advance globally applicable standards to meet this need. The development and dissemination of IS auditing standards are a
cornerstone of the ISACA professional contribution to the audit community.
Objectives
The objectives of the ISACA Standards for IS Auditing are to inform:
- IS Auditors of the minimum level of acceptable performance required to meet the professional responsibilities set out in the Code of Professional Ethics for IS Auditors
- Management and other interested parties of the profession’s expectations concerning the work of practitioners
The objective of IS Auditing Guidelines is to provide further information on how to comply with the IS auditing standards.
Scope and Authority of IS Auditing Standards
The framework for the ISACA IS auditing standards provides for multiple levels of standards, as follows:
- Standards define mandatory requirements for IS auditing and reporting.
- Guidelines provide guidance in applying IS auditing standards. The IS Auditor should consider them in determining how to achieve implementation of the standards, use professional judgment in their application and be prepared to justify any departure. The words audit and review are used interchangeably.
- Procedures provide examples of procedures an IS Auditor might follow in an audit engagement. The procedure documents provide information on how to meet the standards when performing IS auditing work, but do not set requirements.
The ISACA Code of Professional Ethics requires members of the ISACA and holders of the Certified Information Systems Auditor
(CISA) designation to comply with IS auditing standards adopted by th