ISACA has a free glossary of IT, audit, and security terms that is not only helpful in studying for the CISA exam, but is a good reference guide for new and experienced auditors.
Tag Archives: sampling
The Institute of Internal Auditors (IIA) has back-to-basics articles for new auditors (and like Dummies books, the topics can be a reference for the rest of us). Even security pros might want to read a few of these to better understand their auditors, or how those auditors should be doing their jobs.
The topics are as follows (no special order):
A couple of us were arguing about the differences between random, haphazard, and judgmental sampling. One person said that picking samples here and there manually was random sampling. I argued the method described was actually haphazard sampling. Another said that haphazard sampling was not appropriate and that “audit judgment” was valued, not haphazard sampling.