IS Auditor Checklist: Management of the IS Audit Function(Domain 1.2.2)

This checklist is based on section 1.2.2 "Management of the IS Audit Function" of the CISA Review Manual and is designed to help IS auditors assess the effectiveness of the IS audit function's management.

Importance is categorized as follows:

High: Critical for ensuring the effectiveness and independence of the IS audit function.
Medium: Important for the efficiency and effectiveness of the IS audit function.
Low: Good practice for the IS audit function.

High Importance:

1. Audit Charter:

Review the audit charter:
- Is it formally documented and approved by the board of directors or audit committee?
- Does it clearly define the IS audit function's responsibilities, authority, and accountability?
- Is it reviewed and updated periodically?
- ⛔️ Audit Charter

2. Independence and Objectivity:

Assess the organizational independence of the IS audit function:
- Does the IS audit function report to a level within the organization that allows for objective and unbiased audit findings?
- Is the IS audit function free from undue influence?
- ⛔️ Organizational Independence
Assess the professional independence of the IS audit team:
- Do the IS auditors have any conflicts of interest that could impair their objectivity?
- Are the IS auditors free from personal or financial relationships that could influence their judgment?
- ⛔️ Professional Independence

3. Proficiency and Due Professional Care:

Evaluate the technical competence of the IS audit team:
- Do the IS auditors have the necessary skills and knowledge to perform the audit work?
- Are the IS auditors maintaining their technical competence through continuing professional education?
- ⛔️ Proficiency
Assess whether the IS audit team is exercising due professional care:
- Are the IS auditors performing their work with diligence and skepticism?
- Are the IS auditors adequately documenting their work?
- ⛔️ Due Professional Care

Medium Importance:

4. IS Audit Resource Management:

Review the IS audit function's resource management practices:
- Are there sufficient resources (staff, budget, tools) to effectively perform the audit work?
- Is there a process for allocating resources to individual audit assignments?
- Is there a staff training plan to ensure that the IS audit team has the necessary skills and knowledge?

5. Quality Assurance and Improvement:

Review the IS audit function's quality assurance program:
- Is there a program in place to ensure the quality of the audit work?
- Is the program effective in identifying and addressing any deficiencies in the audit work?
- ⛔️ Quality Assurance

Low Importance: