Audit Project Management is the structured discipline of planning, scheduling, resourcing, executing, and closing an IS audit engagement as a managed project. It applies project management principles — scope definition, resource allocation, timeline development, risk management, stakeholder communication, and quality assurance — within the specific constraints of the IS audit function. Unlike general project management, audit project management must simultaneously satisfy professional auditing standards (ISACA GISAS, IIA Standards), regulatory documentation requirements (SOX, HIPAA, GDPR, NIS2), and organizational risk priorities. The output is not merely a completed audit but a defensible, documented audit project record that can withstand regulatory inspection, management challenge, and quality assurance review.
Where it stops · what it isn't
- IS: Planning and managing the lifecycle of an audit engagement from initiation through closure — scope, schedule, resources, stakeholder communication, and QA milestones.
- IS NOT: Audit fieldwork itself (control testing, sampling, evidence collection) — audit project management governs when and how those activities are organized, not the technical audit procedures.
- IS NOT: General enterprise project management (e.g., managing an IT implementation or product launch) — audit project management operates under auditor independence requirements, documentation standards, and QA obligations that do not apply to non-audit projects.
- IS NOT: Audit risk assessment or risk-based audit planning at the portfolio level — audit project management operates at the individual engagement level, though it must align with the risk-based annual audit plan.
- IS: Managing scope creep, resource conflicts, schedule dependencies, stakeholder expectations, and quality gates within a single audit engagement.
- IS NOT: Audit committee governance or enterprise risk management, though audit project outputs inform both.
Connected concepts in the graph
- PART OF: IS Audit Process (ISACA CISA Domain 1)
- REQUIRES: Risk-Based Audit Planning; Audit Scope Definition
- ENABLES: Audit Fieldwork Execution; Audit Reporting and Communication; Regulatory Compliance Demonstration (SOX, HIPAA, NIS2)
- RELATED TO: Audit Sampling and Evidence Collection; Audit Quality Assurance
- CONSTRAINS: Continuous Auditing Models