XXXX CISA考试重点摘要-安科睿信

12010CISA考试重点摘要C11.CSA(controlself-assessment)„Thesuccessofcontrolself-assessment(CSA)highlydependson:A.havinglinemanagersassumeaportionoftheresponsibilityforcontrolmonitoring.B.assigningstaffmanagerstheresponsibilityforbuilding,butnotmonitoring,controls.C.theimplementationofastringentcontrolpolicyandrule-drivencontrols.D.theimplementationofsupervisionandthemonitoringofcontrolsofassignedduties.Explanation:TheprimaryobjectiveofaCSAprogramistoleveragetheinternalauditfunctionbyshiftingsomeofthecontrolmonitoringresponsibilitiestothefunctionalarealinemanagers.Thesuccessofacontrolself-assessment(CSA)programdependsonthedegreetowhichlinemanagersassumeresponsibilityforcontrols.ChoicesB,CandDarecharacteristicsofatraditionalauditapproach,notaCSAapproach„WhenCSAprogramsareestablished,ISauditorsbecomeinternalcontrolprofessionalsandassessmentfacilitators.ISauditorsarethefacilitatorsandtheclient(managementandstaff)istheparticipantintheCSAprocess.DuringaCSAworkshop,insteadoftheISauditorperformingdetailedauditprocedures,theyshouldleadandguidetheclientsinassessingtheirenvironment.Manager,partnerandstakeholdershouldnotberolesoftheISauditor.Theserolesaremoreappropriatefortheclient.„TheobjectivesofCSAprogramsincludeeducationforlinemanagementincontrolresponsibilityandmonitoringandconcentrationbyallonareasofhighrisk.TheobjectivesofCSAprogramsincludetheenhancementofauditresponsibilities,notreplacementofauditresponsibilities.2.Dataflowdiagram:nohierarchy,nogeneration.„DataflowdiagramsareusedbyISauditorsto:A.orderdatahierarchically.B.highlighthigh-leveldatadefinitions.C.graphicallysummarizedatapathsandstorage.D.portraystep-by-stepdetailsofdatageneration.Explanation:Dataflowdiagramsareusedasaidstographorchartdataflowandstorage.Theytracethedatafromitsoriginationtodestination,highlightingthepathsandstorageofdata.Theydonotorderdatainanyhierarchy.Theflowofthedatawillnotnecessarilymatchanyhierarchyordatagenerationorder.3.AuditCharter„beapprovedbyhighestmanagement(auditcommitteealsowouldbebetter)2„Typicallysetsouttheroleandresponsibilityoftheinternalauditdepartment.Itshouldstatemanagement'sobjectivesforanddelegationofauthoritytotheauditdepartment.Itisrarelychangedanddoesnotcontaintheauditplanorauditprocess,whichisusuallypartofannualauditplanning,nordoesitdescribeacodeofprofessionalconduct,sincesuchconductissetbytheprofessionandnotbymanagement.4.Auditorisresponsibletoseniormanagementandauditcommittee.5.Substantivetest„DeterminetheIntegrityoftheactualprocessing,whichprovidesevidencesofthevalidityofthefinaloutcome.„Ex:recalculation,confirmation,verificationofoutcomesformotherinformationsourcesorobservation,Variablesampling„Whichofthefollowingisasubstantivetest?A.CheckingalistofexceptionreportsB.EnsuringapprovalforparameterchangesC.UsingastatisticalsampletoinventorythetapelibraryD.ReviewingpasswordhistoryreportsExplanation:Asubstantivetestconfirmstheintegrityofactualprocessing.Asubstantivetestwoulddetermineifthetapelibraryrecordsarestatedcorrectly.Acompliancetestdeterminesifcontrolsarebeingappliedinamannerthatisconsistentwithmanagementpoliciesandprocedures.Checkingtheauthorizationofexceptionreports,reviewingauthorizationforchangingparametersandreviewingpasswordhistoryreportsareallcompliancetests.6.Compliancetest:determinesifcontrolsarebeingappliedinamannerthatisconsistentwithmanagementpoliciesandprocedures„Attributesampling：‹Theprimarysamplingmethodusedforcompliancetestingtoconfirmwhetherthequalityexists.‹Toestimatetherateofoccurrenceofaspecificquality(attribute)inapopulation.7.Attributesamplingrefersto3differenttypes:„Attributesampling(fixedsample-sizeattributesampling/frequency-estimatingsampling):‹Estimatetherateofoccurrenceofaspecificqualityinapopulation‹Ex:approvalsignatureoncomputeraccessrequestform„stop-or-gosampling:‹已經預知會有相同大量的出現比率時可以停止‹allowsatesttobestoppedasearlyaspossibleandisnotappropriateforcheckingwhetherprocedureshavebeenfollowed„Discoverysampling:‹Theexpectedoccurrenceratesisextremelylow‹OftenUsedtodetectfraud8.Variablesampling:„Dollarormeanestimationsampling(estimatethemonetaryvalueorotherunitofmeasures,suchasweight)‹Stratified/unstratifiedmeanperunit‹Differenceestimation„estimatetheaverageorthetotalvalueofapopulationbasedonasample„statisticmodelusedtoprojectaquantitativecharacteristic„monetaryamount9.ITF(Integratedtestingfacility)：„usesthesameprogramstocompareprocessingusingindependentlycalculateddata„Anintegratedtestfacilitycreatesafictitiousentityinthedatabasetoprocesstesttransactionssimultaneouslywithliveinput.Itsadvantageisthatperiodictestingdoesnotrequireseparatetestprocesses.However,carefulplanningisnecessary,andtestdatamustbeisolatedfromproductiondata10.statisticalsampling:„AnISauditorshouldusestatisticalsamplingandnotjudgment(nonstatistical)sampling,when:A.theprobabilityoferrormustbeobjectivelyquantified.B.theauditorwishestoavoidsamplingrisk.C.generalizedauditsoftwareisunavailable.D.thetolerableerrorratecannotbedetermined.Explanation:Givenanexpectederrorrateandconfidencelevel,statisticalsamplingisanobjectivemethodof