cisa-d1-auditing-process-audit-data-analytics

Audit Data Analytics

isaca-cisa · framework · Production-ready

Drawn fromCISA Review Manual · ISACA peer-reviewed case sets·Reviewed May 4, 2026

How this was built ▾

Every cubelet runs through five agent passes before publishing. Each stage's output is recorded so we can trace how a claim got here.

01 · RESEARCHSource synthesisClaude Haiku
02 · WRITERSix-face draftingClaude Sonnet
03 · EDITORCoherence + clarity passClaude Sonnet
04 · QAQuality gate scoringClaude Opus
05 · PUBLISHERCatalog + graph commitClaude Haiku

This runcourse-factory-pipeline-v1

1

Face 1 of 6 · WHAT

What is Audit Data Analytics

Audit Data Analytics (ADA) is the systematic application of quantitative and qualitative analysis techniques to complete or near-complete audit populations — rather than samples — to identify anomalies, test controls, detect fraud indicators, and generate audit evidence. An IS auditor using ADA extracts structured data from enterprise systems (ERP, databases, access logs), transforms it into an analyzable format, applies statistical and algorithmic techniques, and interprets exceptions as the basis for audit findings. ADA is not data science, machine learning model development, or business intelligence reporting — it is a disciplined audit evidence collection and control-testing methodology that uses computational tools. It is also not a replacement for professional judgment: analytics identifies exceptions that auditors must investigate, interpret, and conclude upon.

Where it stops · what it isn't

—IS: A structured methodology for testing audit objectives against 100% of a data population using quantitative techniques — Benford's Law, duplicate detection, gap analysis, ratio analysis, outlier detection, and exception reporting.
—IS: A core component of the IS auditing process used to collect audit evidence, test controls, and support audit conclusions in workpapers.
—IS: Applicable to structured, machine-readable data from IT systems — ERP transactions, access logs, configuration data, and financial records.
—IS NOT: General business intelligence or management reporting — ADA is purpose-built to answer specific audit objectives, not to produce operational dashboards.
—IS NOT: A substitute for auditor judgment — analytics narrows focus to exceptions; the auditor investigates and concludes.
—IS NOT: Statistical or judgmental sampling — ADA tests 100% of the population, which is a fundamental distinction from sampling methodologies.
—IS NOT: AI/ML model development — auditors must interpret algorithmic outputs, but CISA does not require building ML models.
—IS NOT: Directly applicable to unstructured data (email text, images, voice) without preprocessing tools outside standard ADA scope.

Connected concepts in the graph

Every cubelet sits in a knowledge graph. Here's what this one connects to.

PART OF

Information Systems Auditing Process (CISA Domain 1)

REQUIRES

Audit Evidence Collection TechniquesRisk-Based Audit Planning

RELATED TO

Audit Testing and Sampling MethodologyAudit Reporting and Communication Techniques

ENABLES

Continuous Auditing and Monitoring (CAM)Fraud Detection and Investigation

CONSTRAINS

Data Governance and Data Quality Management

Practice this judgment ↗

Adaptive, ~8 min

Sit in the practitioner's chair ↗

Live simulator

06 · APPLYSign up to enter the judgment simulator →

Watch your judgment grow on this concept

Create a free account to unlock all 6 faces, the judgment simulator, and a mastery score that updates with every attempt.