Book description
Step-by-step guide to successful implementation and control of IT systems—including the Cloud
Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.
Follows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing
Serves as an excellent study guide for those preparing for the CISA and CISM exams
Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud
As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
Table of contents
- Cover
- Series
- Title Page
- Copyright
- Dedication
- Preface
- Part I: IT Audit Process
- Chapter 1: Technology and Audit
- Chapter 2: IT Audit Function Knowledge
- INFORMATION TECHNOLOGY AUDITING
- WHAT IS MANAGEMENT?
- MANAGEMENT PROCESS
- UNDERSTANDING THE ORGANIZATION’S BUSINESS
- ESTABLISHING THE NEEDS
- IDENTIFYING KEY ACTIVITIES
- ESTABLISH PERFORMANCE OBJECTIVES
- DECIDE THE CONTROL STRATEGIES
- IMPLEMENT AND MONITOR THE CONTROLS
- EXECUTIVE MANAGEMENT’S RESPONSIBILITY AND CORPORATE GOVERNANCE
- AUDIT ROLE
- CONCEPTUAL FOUNDATION
- PROFESSIONALISM WITHIN THE IT AUDITING FUNCTION
- RELATIONSHIP OF INTERNAL IT AUDIT TO THE EXTERNAL AUDITOR
- RELATIONSHIP OF IT AUDIT TO OTHER COMPANY AUDIT ACTIVITIES
- AUDIT CHARTER
- CHARTER CONTENT
- OUTSOURCING THE IT AUDIT ACTIVITY
- REGULATION, CONTROL, AND STANDARDS
- Chapter 3: IT Risk and Fundamental Auditing Concepts
- Chapter 4: Standards and Guidelines for IT Auditing
- Chapter 5: Internal Controls Concepts Knowledge
- INTERNAL CONTROLS
- COST/BENEFIT CONSIDERATIONS
- INTERNAL CONTROL OBJECTIVES
- TYPES OF INTERNAL CONTROLS
- SYSTEMS OF INTERNAL CONTROL
- ELEMENTS OF INTERNAL CONTROL
- MANUAL AND AUTOMATED SYSTEMS
- CONTROL PROCEDURES
- APPLICATION CONTROLS
- CONTROL OBJECTIVES AND RISKS
- GENERAL CONTROL OBJECTIVES
- DATA AND TRANSACTIONS OBJECTIVES
- PROGRAM CONTROL OBJECTIVES
- CORPORATE IT GOVERNANCE
- COSO AND INFORMATION TECHNOLOGY
- GOVERNANCE FRAMEWORKS
- NOTES
- Chapter 6: Risk Management of the IT Function
- Chapter 7: Audit Planning Process
- Chapter 8: Audit Management
- PLANNING
- AUDIT MISSION
- IT AUDIT MISSION
- ORGANIZATION OF THE FUNCTION
- STAFFING
- IT AUDIT AS A SUPPORT FUNCTION
- PLANNING
- BUSINESS INFORMATION SYSTEMS
- INTEGRATED IT AUDITOR VERSUS INTEGRATED IT AUDIT
- AUDITEES AS PART OF THE AUDIT TEAM
- APPLICATION AUDIT TOOLS
- ADVANCED SYSTEMS
- SPECIALIST AUDITOR
- IT AUDIT QUALITY ASSURANCE
- Chapter 9: Audit Evidence Process
- AUDIT EVIDENCE
- AUDIT EVIDENCE PROCEDURES
- CRITERIA FOR SUCCESS
- STATISTICAL SAMPLING
- WHY SAMPLE?
- JUDGMENTAL (OR NON-STATISTICAL) SAMPLING
- STATISTICAL APPROACH
- SAMPLING RISK
- ASSESSING SAMPLING RISK
- PLANNING A SAMPLING APPLICATION
- CALCULATING SAMPLE SIZE
- QUANTITATIVE METHODS
- PROJECT-SCHEDULING TECHNIQUES
- SIMULATIONS
- COMPUTER-ASSISTED AUDIT SOLUTIONS
- GENERALIZED AUDIT SOFTWARE
- APPLICATION AND INDUSTRY-RELATED AUDIT SOFTWARE
- CUSTOMIZED AUDIT SOFTWARE
- INFORMATION-RETRIEVAL SOFTWARE
- UTILITIES
- ON-LINE INQUIRY
- CONVENTIONAL PROGRAMMING LANGUAGES
- MICROCOMPUTER-BASED SOFTWARE
- TEST TRANSACTION TECHNIQUES
- Chapter 10: Audit Reporting Follow-up
- Part II: Information Technology Governance
- Chapter 11: Management
- Chapter 12: Strategic Planning
- STRATEGIC MANAGEMENT PROCESS
- STRATEGIC DRIVERS
- NEW AUDIT REVOLUTION
- LEVERAGING IT
- BUSINESS PROCESS RE-ENGINEERING MOTIVATION
- IT AS AN ENABLER OF RE-ENGINEERING
- DANGERS OF CHANGE
- SYSTEM MODELS
- INFORMATION RESOURCE MANAGEMENT
- STRATEGIC PLANNING FOR IT
- DECISION SUPPORT SYSTEMS
- STEERING COMMITTEES
- STRATEGIC FOCUS
- AUDITING STRATEGIC PLANNING
- DESIGN THE AUDIT PROCEDURES
- NOTE
- Chapter 13: Management Issues
- Chapter 14: Support Tools and Frameworks
- Chapter 15: Governance Techniques
- Part III: Systems and Infrastructure Lifecycle Management
- Chapter 16: Information Systems Planning
- Chapter 17: Information Management and Usage
- Chapter 18: Development, Acquisition, and Maintenance of Information Systems
- Chapter 19: Impact of Information Technology on the Business Processes and Solutions
- Chapter 20: Software Development
- Chapter 21: Audit and Control of Purchased Packages and Services
- Chapter 22: Audit Role in Feasibility Studies and Conversions
- Chapter 23: Audit and Development of Application Controls
- Part IV: Information Technology Service Delivery and Support
- Part V: Protection of Information Assets
- Chapter 26: Information Assets Security Management
- WHAT IS INFORMATION SYSTEMS SECURITY?
- CONTROL TECHNIQUES
- WORKSTATION SECURITY
- PHYSICAL SECURITY
- LOGICAL SECURITY
- USER AUTHENTICATION
- COMMUNICATIONS SECURITY
- ENCRYPTION
- HOW ENCRYPTION WORKS
- ENCRYPTION WEAKNESSES
- POTENTIAL ENCRYPTION
- DATA INTEGRITY
- DOUBLE PUBLIC KEY ENCRYPTION
- STEGANOGRAPHY
- INFORMATION SECURITY POLICY
- NOTES
- Chapter 27: Logical Information Technology Security
- Chapter 28: Applied Information Technology Security
- Chapter 29: Physical and Environmental Security
- Part VI: Business Continuity and Disaster Recovery
- Part VII: Advanced IT Auditing
- Chapter 32: Auditing E-commerce Systems
- E-COMMERCE AND ELECTRONIC DATA INTERCHANGE: WHAT IS IT?
- OPPORTUNITIES AND THREATS
- RISK FACTORS
- THREAT LIST
- SECURITY TECHNOLOGY
- “LAYER” CONCEPT
- AUTHENTICATION
- ENCRYPTION
- TRADING PARTNER AGREEMENTS
- RISKS AND CONTROLS WITHIN EDI AND E-COMMERCE
- E-COMMERCE AND AUDITABILITY
- COMPLIANCE AUDITING
- E-COMMERCE AUDIT APPROACH
- AUDIT TOOLS AND TECHNIQUES
- AUDITING SECURITY CONTROL STRUCTURES
- COMPUTER-ASSISTED AUDIT TECHNIQUES
- NOTES
- Chapter 33: Auditing UNIX/Linux
- Chapter 34: Auditing Windows VISTA and Windows 7
- Chapter 35: Foiling the System Hackers
- Chapter 36: Preventing and Investigating Information Technology Fraud
- Appendix A: Ethics and Standards for the IS Auditor
- Appendix B: Audit Program for Application Systems Auditing
- Appendix C: Logical Access-Control Audit Program
- Appendix D: Audit Program for Auditing UNIX/Linux Environments
- Appendix E: Audit Program for Auditing Windows VISTA and Windows 7 Environments
- About the Author
- About the Website
- Index
Product information
- Title: Auditor's Guide to IT Auditing, Second Edition
- Author(s):
- Release date: April 2012
- Publisher(s): Wiley
- ISBN: 9781118147610