Understanding and Conducting Information Systems Auditing + Website

by Veena Hingarh, Arif Ahmed
March 2013
Content level: Beginner
304 pages
8h 26m
English
Wiley
Content preview from Understanding and Conducting Information Systems Auditing + Website

Chapter Four

Information Systems Audit Requirements

In this chapter we discuss the critical requirements of an information systems audit in terms of both input and delivery. After reading this chapter, you should have a comprehensive understanding of the general scope of an information systems audit, the types of evidence, and the areas that an information systems auditor must focus on.

RISK ANALYSIS

The scope of an information systems audit includes verifying the existence and performance of controls. The selection of the controls to test is a critical decision for the information systems auditor and plays a major role in determining the quality of the audit. To ensure adequate coverage of testing, the auditor is required to prioritize the testing of controls. Prioritization essentially depends on the corresponding loss exposure to the auditee in the event of the failure of a specific control. Whether a control will fail, or even be activated, is uncertain. This calls for a risk analysis exercise on the part of the auditor. Risk is the likelihood that the entity will face a vulnerability being exploited or a threat becoming harmful. A vulnerability is an inherent weakness of a system or process that can be exploited by a threat. Threats are uncertain events that can cause loss to the entity. Threats exploit the gap between the level of protection necessary and the degree of protection achieved. Once an entity is aware of the potential loss, it ...


Publisher Resources

ISBN: 9781118343777