“Gathering Audit Evidence,” section of Ch. 3, “Audit Process,” of CISA® Certified Information Systems Auditor® Study Guide.
As part of your internship, you will be asked to collect any IS incident. You must exercise due care when gathering evidence. The audit professional you are working with has asked you several questions related to this process:
- What are the categories of audit standards you will use?
- What will you do when you gather evidence of an incident?
- Why do you need to know the positions of duties of IS employees as well as managers in terms of evidence collection?
- How will you grade evidence?
Prepare and submit notes that document the answers to these evidence collection and documentation requirements. Each answer must be at least 150 words. Include a definition of information technology assurance framework and how it relates to recognizing and gathering evidence.