To understand the material required for the exam, you must first understand what an auditor is and is not. An IS auditor is responsible for assessing the strength and effectiveness of controls that are designed to protect information systems, and to ensure that audit engagements are planned, designed, and reviewed based on the assessed level of risk that irregular and illegal acts might occur. These acts could be material to the subject matter of the IS auditor's report. The IS auditor is not qualified to determine whether an irregular, illegal, or erroneous act has occurred, but has the responsibility to report suspected acts to the appropriate parties. Determining whether information systems safeguard assets and maintaining data integrity are the primary objectives of an IS audit function. |