CISA DOMAIN 1 (Part 2) – THE PROCESS OF AUDITING INFORMATION SYSTEMS

PART 2
4. Internal Controls: These are usually policies, procedures, and organizational structures that are used to reduce the risk to the organization.
The effective implementation of an internal control system is the responsibility of the board.
Remember: For a CISA question on responsibility for internal controls, the answer should be top management (BoD, CEO, CIO, CISO, etc.), based on the available options.
Classification of internal controls:
Preventive controls
Detective controls
Corrective controls

Remember that the CISA question will be scenario-based. This means that the candidate must have a good understanding of all three controls.
Preventive controls: These internal controls are used to prevent an event from happening that could affect the achievement of organizational goals. These are some examples of preventive control activities:
Background checks for employees
Training for employees and certifications
Access to asset storage areas protected by password
Physical locks for inventory warehouses
Security camera systems
Segregation of duties (i.e. recording, authorization, and custody are all handled separately)
Detective controls: These are used to determine when preventive measures have not been effective in preventing errors or irregularities, especially in relation to asset protection. These are some examples of detective control activities:
Bank reconciliations
Control totals
Physical inventory counts
Reconciliation of the general ledgers and the detailed subsidiary ledgers
Internal audit functions
Corrective controls: If a problem is identified by detective control activities, corrective control activities should examine the issue and create a plan to prevent it from happening again. Corrective control activities include:
Data backups can be used in the event of a fire, flood, or other disaster to recover lost data
Data validity tests may be required to verify data inputs if the amounts are not within a reasonable range.
Insurance can be used to replace stolen or damaged assets
Management variance reports can be used to highlight variances between budget and actual in order to take corrective action.
To prevent future mistakes and irregularities, training and operations manuals may be revised
5. COBIT, developed by ISACA
A comprehensive framework to assist enterprises in achieving their goals for the governance and management of enterprise IT (GEIT).
COBIT 5 is based on 5 principles and 7 enablers.
5 Principles:
1. Meeting the needs of shareholders
2. End-to-End coverage
3. Holistic Approach
4. Integrated Framework
5. Management and separate governance
7 Enablers:
1. Frameworks, Policies, and Principles
2. Processes
3. Organizational Structures
4. Culture, ethics and behavior
5. Information
6. Services, Infrastructure, and Applications
7. People, Skills, and Competencies
(Note: A CISA candidate won’t be asked to identify the COBIT process, COBIT domains, or the set of IT processes in each. Candidates should be able to identify the frameworks, their purpose, and why they are used in enterprises.)
6. Auditing based on risk
The following should be the audit approach:
Step 1: Gather all available information and plan by reviewing the prior year’s audit results, financial information, and inherent risk assessments
Step 2: Understand existing internal controls through analysis of control procedures and detection risk assessment
Step 3: Perform compliance tests by identifying the key controls that will be tested
Step 4: Perform substantive testing through tests of account balances and analytical procedures
Step 5: End the audit
