Auditor's Guide to IT Auditing
+ Software Demo
Wiley Corporate F&A

2nd Edition, April 2012
464 Pages, Hardcover
Practical Approach Book
Step-by-step guide to successful implementation and control of IT systems, including the Cloud
Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.
* Follows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing
* Serves as an excellent study guide for those preparing for the CISA and CISM exams
* Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud
As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
PART I: IT AUDIT PROCESS
Chapter 1: Technology and Audit
Chapter 2: IT Audit Function Knowledge
Chapter 3: IT Risk and Fundamental Auditing Concepts
Chapter 4: Standards and Guidelines for IT Auditing
Chapter 5: Internal Controls Concepts Knowledge
Chapter 6: Risk Management of the IT Function
Chapter 7: Audit Planning Process
Chapter 8: Audit Management
Chapter 9: Audit Evidence Process
Chapter 10: Audit Reporting Follow-up
PART II: INFORMATION TECHNOLOGY GOVERNANCE
Chapter 11: Management
Chapter 12: Strategic Planning
Chapter 13: Management Issues
Chapter 14: Support Tools and Frameworks
Chapter 15: Governance Techniques
PART III: SYSTEMS AND INFRASTRUCTURE LIFECYCLE MANAGEMENT
Chapter 16: Information Systems Planning
Chapter 17: Information Management and Usage
Chapter 18: Development, Acquisition, and Maintenance of Information Systems
Chapter 19: Impact of Information Technology on the Business Processes and Solutions
Chapter 20: Software Development
Chapter 21: Audit and Control of Purchased Packages and Services
Chapter 22: Audit Role in Feasibility Studies and Conversions
Chapter 23: Audit and Development of Application Controls
PART IV: INFORMATION TECHNOLOGY SERVICE DELIVERY AND SUPPORT
Chapter 24: Technical Infrastructure
Chapter 25: Service-Center Management
PART V: PROTECTION OF INFORMATION ASSETS
Chapter 26: Information Assets Security Management
Chapter 27: Logical Information Technology Security
Chapter 28: Applied Information Technology Security
Chapter 29: Physical and Environmental Security
PART VI: BUSINESS CONTINUITY AND DISASTER RECOVERY
Chapter 30: Protection of the Information Technology Architecture and Assets: Disaster-Recovery Planning
Chapter 31: Displacement Control
PART VII: ADVANCED IT AUDITING
Chapter 32: Auditing E-commerce Systems
Chapter 33: Auditing UNIX/Linux
Chapter 34: Auditing Windows VISTA and Windows 7
Chapter 35: Foiling the System Hackers
Chapter 36: Preventing and Investigating Information Technology Fraud
Appendix A Ethics and Standards for the IS Auditor
Appendix B Audit Program for Application Systems Auditing
Appendix C Logical Access Control Audit Program
Appendix D Audit Program for Auditing UNIX/Linux Environments
Appendix E Audit Program for Auditing Windows VISTA and Windows 7 Environments
About the Author
About the Website
Index