IS Standards, Guidelines and Procedures for Auditing and Control Professionals
Code of Professional Ethics
IS Auditing Standards, Guidelines and Procedures
IS Control Professionals Standards
Current as of 15 January 2009
ISACA
2008-2009 BOARD OF DIRECTORS
Lynn Lawton, CISA, FBCS, FCA, FIIA KPMG LLP, UK, International President
George Ataya, CISA, CISM, CGEIT, CISSP ICT Control SA, Belgium, Vice President
Howard Nicholson, CISA, CGEIT City of Salisbury, Australia, Vice President
Jose Angel Pena Ibarra, CGEIT Consultoria en Comunicaciones e Info., SA & CV, Mexico, Vice President
Robert E. Stroud CA Inc., USA, Vice President
Kenneth L. Vander Wal, CISA, CPA Ernst & Young LLP (retired), USA, Vice President
Frank Yam, CISA, FHKCS, FHKIoD Focus Strategic Group Inc., Hong Kong, Vice President
Marios Damianides, CISA, CISM, CA, CPA Ernst & Young, USA, Past International President
Everett C. Johnson Jr., CPA Deloitte & Touche LLP (retired), USA, Past International President
Gregory T. Grocholski, CISA The Dow Chemical Company, USA, Director
Tony Hayes Queensland Government, Australia, Director
Jo Stewart-Rattray, CISA, CISM, CSEPS RSM Bird Cameron, Australia, Director
2008-2009 STANDARDS BOARD
Ravi Muthukrishnan, CISA, CISM, FCA, ISCA Capco IT Services India Private Ltd, India, Chair
Shawn Chaput, CISA, CISM, CISSP, PMP, Canada
Maria Gonzalez, CISA, CISM Homeland Office, Spain
John Ho Chi, CISA, CISM, CBCP, CFE Ernst & Young, Singapore
Andrew MacLeod, CISA, FCPA, MACS, PCP Brisbane City Council, Australia
John G. Ott, CISA, CPA AmerisourceBergen, USA
Edgard Pelcher, CISA Office of the Auditor General of South Africa, South Africa
Jason Thompson, CISA, CIA, CISSP KPMG LLP, USA
Meera Venkatesh, CISA, CISM, ACS, CISSP Microsoft Corporation, USA
IS Auditing Standards Disclaimer
ISACA has designed this guidance as the minimum level of acceptable performance required to meet the professional
responsibilities set out in the ISACA Code of Professional Ethics for IS auditors. ISACA makes no claim that use of this
product will assure a successful outcome. The publication should not be considered inclusive of all proper information,
procedures and tests or exclusive of other information, procedures and tests that are reasonably directed to obtaining the
same results. In determining the propriety of any specific information, procedure or test, the security and control
professional should apply his/her own professional judgement to the specific circumstances presented by the particular
systems or information technology environment.
IS Auditing Standards Disclosure and Copyright Notice
© 2009 ISACA. All rights reserved. No part of this publication may be used, copied, reproduced, modified, distributed,
displayed, stored in a retrieval system, or transmitted in any form by any means (electronic, mechanical, photocopying,
recording or otherwise), without the prior written authorisation of ISACA. Reproduction of all or portions of this publication
is solely permitted for academic, internal and non-commercial use, and must include full attribution as follows: "© 2009
ISACA. This document is reprinted with the permission of ISACA." No other right or permission is granted with respect to
this publication.
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Telephone: +1.847.253.1545
Fax: +1.847.253.1443
E-mail: standards@
Web site:
Table of Contents
Code of Professional Ethics
How to Use this Publication
IS Auditing Standards Overview
Index of IS Auditing Standards, Guidelines and Procedures
IS Auditing Standards
Alpha List of IS Auditing Guidelines
IS Auditing Guidelines
IS Auditing Procedures
IS Control Professionals Standards
History
ISACA Standards Document Comment Form
Code of Professional Ethics
The Information Systems Audit and Control Association®, Inc. (ISACA) sets forth this Code of Professional Ethics to guide
the professional and personal conduct of members of the Association and/or its certification holders.
Members and ISACA certification holders shall:
1. Support the implementation of, and encourage compliance with, appropriate standards, procedures and controls for
information systems.
2. Perform their duties with due diligence and professional care, in accordance with professional standards and best
practices.
3. Serve in the interest of stakeholders in a lawful and honest manner, while maintaining high standards of conduct and
character, and not engage in acts discreditable to the profession.
4. Maintain the privacy and confidentiality of information obtained in the course of their duties unless disclosure is
required by legal authority. Such information shall not be used for personal benefit or released to inappropriate
parties.
5. Maintain competency in their respective fields and agree to undertake only those activities that they can
reasonably expect to complete with professional competence.
6. Inform appropriate parties of the results of work performed, revealing all significant facts known to them.
7. Support the professional education of stakeholders in enhancing their understanding of information systems security
and control.
Failure to comply with this Code of Professional Ethics can result in an investigation into a member's or certification
holder's conduct and, ultimately, in disciplinary measures.
How to Use this Publication
Relationship of Standards to Guidelines and Procedures
IS Auditing Standards are mandatory requirements for certification holders' reports on the audit and its findings. IS
Auditing Guidelines and Procedures are detailed guidance on how to follow those standards. The IS Auditing Guidelines
are guidance an IS auditor will normally follow with the understanding that there may be situations where the auditor will
not follow that guidance. In this case, it will be the IS auditor's responsibility to justify the way in which the work is done.
The procedure examples show the steps performed by an IS auditor and are more informative than IS Auditing
Guidelines. The examples are constructed to follow the IS Auditing Standards and the IS Auditing Guidelines and provide
information on following the IS Auditing Standards. To some extent, they also establish best practices for procedures to
be followed.
Codification
Standards are numbered consecutively as they are issued, beginning with S1.
Guidelines are numbered consecutively as they are issued, beginning with G1.
Procedures are numbered consecutively as they are issued, beginning with P1.
Use
It is suggested that during the annual audit program, as well as individual reviews throughout the year, the IS auditor
should review the standards to ensure compliance with them. The IS auditor may refer to the ISACA standards in the
report, stating that the review was conducted in compliance with the laws of the country, applicable audit regulations and
ISACA standards.
Electronic Copies
All ISACA standards, guidelines and procedures are posted on the ISACA web site at standards.
Glossary
A full glossary of terms can be found on the ISACA web site at glossary.