Certified Information Systems Auditor Practice Exam

The approved audit charter is the document that clearly outlines the overall authority to perform an information systems (IS) audit. It serves as the formal agreement between the audit function and the organization, establishing the purpose, authority, responsibilities, and scope of the audit. The charter is critical because it not only defines the audit's objectives but also ensures that the audit team has the necessary access to information, personnel, and resources to conduct a thorough audit.

It provides clarity on the independence of the audit function and reinforces its authority to carry out its role without interference. Additionally, the audit charter usually includes provisions about reporting structures, which further legitimizes the audit's position within the organization.

In contrast, the internal compliance policy refers to guidelines for ensuring compliance with regulations and standards, but does not grant the authority to audit. The risk assessment report identifies potential risks but does not establish the authority to conduct audits. The audit feedback form is typically used for gathering feedback on the audit process itself but is not a foundational document that grants auditing authority.