General Guideline Questionnaire - Isaca

ISACA IS Audit and Assurance General Guideline (2000 series) Exposure
Drafts
First introduced in 1988, the IS Audit and Assurance Standards define
mandatory requirements for information systems (IS) auditing and
reporting. They inform management of the expectations regarding the work
of practitioners and ensure that practitioners understand the minimum
level of acceptable performance required to meet professional
responsibilities. Professionals who hold the Certified Information
Systems Auditor (CISA) certification must comply with these standards.
While the standards continue to be reviewed periodically to ensure they
remain relevant, in 2012, the Professional Standards and Career
Management Committee (PSCMC) revised and restructured all 17 standards to
include the definitions of key terms, provide additional clarity and
align with other global auditing bodies. The revised standards were
integrated into the ITAF framework and published in July 2013 with an
effective date of 1 November 2013.
The exposed guidelines are designed to support IS audit and assurance
professionals in achieving compliance with the ISACA standards.
In an effort for continuous improvement, the PSCMC:
. Reviewed each guideline for relevance to the ISACA standards
. Delineated guideline scopes and redefined the appropriate level of
detail
. Reviewed and updated each guideline to make it more useable by the
professional.
. Selected a modular approach to present each guideline
. Cross-referenced guidelines to the standards they support and enhanced
the guideline structure for easier navigation
. Used simpler and clearer language
. Included key terms within each guideline
Where applicable, terminology was aligned with relevant IIA and IFAC
terminology.
This questionnaire provides an opportunity for constructive feedback.
Each question addresses a separate aspect of the DRAFT guidelines:
1. Content within each classification area
2. Alignment of guidelines with ISACA standards and other ISACA guidance
3. Guideline content and structure
NOTE:
. A link to this questionnaire is also posted in Word format on page
ww.isaca.org/standardexposure
. To avoid timeout if you have the questionnaire open for more than 60
minutes, please download the Word version and complete it at your
leisure; then cut and paste your feedback into the online
questionnaire.
. If you would like us to be able to identify your responses, please
provide your email address in the last question.
CPE credit for participation is described at the end of the survey.
There are 47 questions in this survey Content Within Classification Areas and Definitions
These guidelines are designed to directly support the achievement of
compliance with the ISACA IS auditing and assurance standards. Each
guideline is listed in one of three classifications:
. General
. Performance
. Reporting The following questions requests feedback of the high-level content within
each of the classification areas. 1. The guidelines are organised appropriately and cover the content within
the General classification area.
Please choose only one of the following:
. Yes
. No 2. If you do not agree that the guidelines appropriately cover the content
within the General classification area, please explain why and indicate
what changes you suggest.
Please write your answer here:
3. The definitions in the guidelines are clear and complete.
Please choose only one of the following:
. Strongly Agree
. Agree
. Disagree
. Strongly Disagree
. No opinion 4. If you do not agree that the guideline definitions are clear and
complete, indicate which definitions and provide suggestions for
improvement.
Please write your answer here: 2001 Audit Charter 5. 2001 Audit Charter supports the standards listed in section 3 (1001
Audit Charter, 1002 Organisational Independence and 1003 Professional
Independence).
Please choose only one of the following:
. Strongly Agree
. Agree
. Disagree
. Strongly Disagree 6. Did 2001 Audit Charter support your understanding of the standards?
Please choose the appropriate response for each item:
| |Accurate |Complete |Relevant |Clear and |Appropriate |Well |
| | | | |concise |level of |structured |
| | | | | |detail | |
|Strongl|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|y agree| | | | | | |
|Agree |[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|Disagre|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|e | | | | | | |
|Strongl|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|y | | | | | | |
|disagre| | | | | | |
|e | | | | | | |
|No |[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|opinion| | | | | | | 7. In 2001 Audit Charter, the linkage listed in section 3 to COBIT 5
process MEA02 is appropriate.
Please choose only one of the following:
. [pic]Yes
. [pic]No 8. Provide and additions/revisions to the COBIT linkage in 2001 Audit
Charter.
Please write your answer here: 9. Provide any suggested revisions for 2001 Audit Charter. Identify the
section number.
Please write your answer here: 2002 Organisational Independence 10. 2002 Organisational Independence supports the standards listed in
section 3 (1001 Audit Charter, 1002 Organisational Independence, 1003
Professional Independence, 1004 Reasonable Expectation and 1006
Proficiency).
Please choose only one of the following:
. Strongly Agree
. Agree
. Disagree
. Strongly Disagree 11. Did 2002 Organisational Independence support your understanding of the
standards?
Please choose the appropriate response for each item:
| |Accurate |Complete |Relevant |Clear and |Appropriate |Well |
| | | | |concise |level of |structured |
| | | | | |detail | |
|Strongl|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|y agree| | | | | | |
|Agree |[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|Disagre|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|e | | | | | | |
|Strongl|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|y | | | | | | |
|disagre| | | | | | |
|e | | | | | | |
|No |[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|opinion| | | | | | | 12. In 2002 Organisational Independence, the linkage to COBIT 5 processes
(EDM01, APO01 and MEA02) are appropriate.
Please choose only one of the following:
. Yes
. No 13. Provide and additions/revisions to the COBIT linkage in 2002
Organisational Independence.
Please write your answer here: 14. Provide any suggested revisions for 2002 Organisational Independence.
Identify the section number.
Please write your answer here: 2003 Professional Independence 15. Did 2003 Professional Independence support your understanding of the
standards?
Please choose only one of the following:
. Strongly Agree
. Agree
. Disagree
. Strongly Disagree 16. Check the appropriate box for your evaluation of the information in
2003 Professional Independence.
Please choose the appropriate response for each item:
| |Accurate |Complete |Relevant |Clear and |Appropriate |Well |
| | | | |concise |level of |structured |
| | | | | |detail | |
|Strongl|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|y agree| | | | | | |
|Agree |[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|Disagre|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|e | | | | | | |
|Strongl|[pic] |[pic] |[pic] |[pic] |[pic] |[pic] |
|y | | | | | | |
|disagre| | | | | | |
|e | | | | | | | 17. In 2003 Professional Independence, the linkage listed in section 3 to
COBIT 5 processes (MEA02 and MEA03) are appropriate.
Please choose only one of the following:
. Yes
. No 18. Provide and additions/revisions to the COBIT linkage in 2003
Professional Independence.
Please write your answer here:
19. Provide any suggested revisions for 2003 Professional Independence.
Identify the section number.
Please write your answer here: 2004 Reasonable Expectation 20. 2004 Reasonable Expectation supports the standards listed in section 3
(1001 Audit Charter, 1002 Organisational Independence and 1004 Reasonable
Expectation).
Please choose only one of the following:
. Strongly Agree
. Agree
. Disagree
. Strongly Disagree 21. Did 2004 Reasonable Expectation support your understanding