This appendix discusses the following topics
• Auditing in the real world
• Carrying out the IS audit cycle
• Internal audits versus external audits
• Ethics and independence
• Writing audit reports
The goals and structure of this appendix are slightly different from the rest of this book. Whereas Chapters 1 through 6 convey information to the CISA candidate, here, the focus shifts to the professional world of the information systems (IS) auditor. It addresses the nature of different professional engagements common to information systems auditors. I review the stages of and responsibilities involved in performing a risk-based information systems audit for both internal and external auditors. This appendix ...