Friday, January 28, 2011

FISCAM Federal Information System Controls Audit Manual Approach

Top-down, risk-based approach that considers materiality and significance in determining effective and efficient audit procedures and is tailored to achieve the audit objectives.

Evaluation of entity-wide controls and their effect on audit risk.

Evaluation of general controls and their pervasive impact on business process application controls.

Evaluation of security management at all levels (entitywide, system, and business process application levels).

A control hierarchy (control categories, critical elements, and control activities) to assist in evaluating the significance of identified IS control weaknesses.

Groupings of control categories consistent with the nature of the risk.

Experience gained in GAO’s performance and review of IS control audits, including field testing the concepts in this revised FISCAM.
