Gathering Audit Evidence” section of Ch. 3, “Audit Process,” of CISA^®: Certified Information Systems Auditor Study Guide; and Ch. 36, “Preventing and Investigating Information Technology Fraud,” of Auditor’s Guide to IT Auditing.

As part of your internship, you will be asked to collect any IS/IT evidence in an incident. You must exercise due care when gathering evidence. The senior auditor you are working with has asked you several questions related to this process:

• What are the categories of audit standards you will use?
• What will you do when you gather evidence of an incident?
• Why do you need to know the positions of duties of IS/IT employees as well as managers in terms of evidence collection?
• How will you grade evidence?
• Why does the audit process consider fraud?
• What are internal controls?

Prepare a 1- to 2-page memo in Microsoft^® Word to the senior auditor you’re working with to briefly answer each question.

Include a definition of what an information technology assurance framework is and how it relates to recognizing and gathering evidence