CISA Audit Process #12

IT Application Audit

The objectives of an IT applicaton audit are to evaluate:

The efficiency of the application in meeting the business processes

The impact of any exposures discovered

The business processes served by the application

The appliction's optimization

However, if a IT auditor is performing a review of an application's controls

It will involves the evaluation of the application's automated controls and an assessment of any

exposures resulting from the control weakness.

Related Tags: IT Audit, IT governance, Application Audit, IT controls, SOX, ISO27001, Business Continuity

CISA 2007 - Audit Process # 11

Auditing Inventory Applicaton

In an audit of an inventory application, the approach which would provide the BEST evidence that purchase orders are valid is testing whether inappropriate personnel can change application parameters.

Tracing purchase orders to a computer listing, comparing receiving reports to purchase order details are after-the fact approaches

Reviewing the application documentation will not give the actual scenario as it is only theory.

Related Tags: IT audit, IT compliance, IT governance, IT security, SOX, ISO 27001, Encryption

Audit Process #10

Computer Forensic Software

Computer Forensic Software is only utilised if there is a need to collect digital evidence from Information Processing devices such as laptops, computers , PDAs etc. to press charges against fraud, cheat and other computer related crimes.


Computer Forensic Software is most useful for preservation of the chain of custody for electronic evidence

A good Computer Forensic Software should be efficient, effective, time and cost savings.

Another characteristic of a computer forensic software is that it is able to search for violations of intellectual property rights


Related Tags: IT compliance, IT governance, IT audit, IT Forensic, ISO 27001, IT risks