CISA: Knowledge Statement 1.1

goay xuan hui
2 min read · Aug 25, 2021


Knowledge Statement 1.1

  1. The credibility of an audit is based on commonly accepted standards.
  2. ISACA is the global pioneer of IS assurance and audit, covering the following:

  • Code of professional ethics
  • Standards framework
  • Guidelines
  • Tools and techniques

ISACA Code of Professional Ethics

  • Encourages compliance with appropriate standards, procedures and controls for information systems.
  • Supports the professional education of stakeholders to enhance their understanding of information systems security and control.
  • Performs duties with due diligence and professional care, in accordance with professional standards and best practices.
  • Serves in the interest of shareholders in a lawful and honest manner, without engaging in acts discreditable to the profession.
  • Informs appropriate parties about the results of work performed, revealing all significant facts known to them.
  • Maintains the privacy and confidentiality of information obtained, unless disclosure is required by a legal authority.
  • Maintains competency in their respective fields and agrees to undertake only those activities that are in accordance with their professional competence.

ISACA IT Audit and Assurance Standards Framework

The objective of the standards framework is to inform:

  • IS auditors of the bare minimum level of performance required to meet their professional responsibilities.
  • Management of the profession's requirements regarding the work of audit practitioners.
  • CISA holders that failure to meet these standards results in a review by the ISACA board of directors, which may ultimately result in disciplinary action.

ISACA IT Audit and Assurance Guidelines

Guidelines provide additional information on how to comply with the ISACA standards. Each guideline is identified by the prefix G followed by a number. There are 42 categories of guidelines, for example:

  • G2: Audit Evidence Requirement
  • G7: Due Professional Care
  • G10: Audit Sampling
  • G15: Planning
  • G20: Reporting
  • G28: Computer Forensics
  • G38: Access Controls (a common point to check during your audit)
  • G42: Continuous Assurance
