Information Technology Control and Audit (5th Edition)

$19.99

Download Information Technology Control and Audit (5th Edition) written by Angel R. Otero in PDF format. This book is under the category Computers and bearing the isbn/isbn13 number 1498752284/9781498752282. You may reffer the table below for additional details of the book.

SKU: a113c1ecd3ca Category: Tag:

Specifications

book-author

Angel R. Otero

publisher

Auerbach Publications; 5th edition

file-type

PDF

pages

510 pages

language

English

asin

B07G1D7HTY

isbn10

1498752284

isbn13

9781498752282


Book Description

The new Information Technology Control and Audit 5th edition (PDF) has been significantly revised to include a comprehensive overview of the IT environment; including new legislation; revolutionizing technologies; audit process; strategy; governance; and outsourcing; among others. This new 5th edition also outlines common IT audit risks; procedures; and involvement associated with major IT audit areas. It further provides cases featuring practical IT audit scenarios; as well as sample documentation to design and perform actual IT audit work. Filled with up-to-date audit concepts; techniques; tools; and references for further reading; this revised fifth edition of Information Technology Control and Audit promotes the mastery of concepts; as well as the effective implementation and assessment of IT controls by auditors and organizations.

Note: This product only includes Information Technology Control and Audit 5e PDF. No online resource codes are included

Additional information

book-author

Angel R. Otero

publisher

Auerbach Publications; 5th edition

file-type

PDF

pages

510 pages

language

English

asin

B07G1D7HTY

isbn10

1498752284

isbn13

9781498752282

Table of contents


Table of contents :
Cover……Page 1
Half Title……Page 2
Title Page……Page 4
Copyright Page……Page 5
Dedication……Page 6
Contents……Page 8
Preface……Page 18
Acknowledgments……Page 24
Author……Page 26
SECTION I: FOUNDATION FOR IT AUDIT……Page 28
IT Environment……Page 30
Enterprise Resource Planning (ERP)……Page 31
Cloud Computing……Page 32
Other Technology Systems Impacting the IT Environment……Page 33
The Auditing Profession……Page 34
Financial Auditing……Page 36
Internal Audit Function……Page 37
What Is IT Auditing?……Page 38
IT Auditing Trends……Page 40
Information Assurance……Page 42
Need for IT Audit……Page 43
IT Governance……Page 45
IT Auditor as Counselor……Page 46
IT Auditor as Investigator……Page 47
A Common Body of Knowledge……Page 48
Continuing Education……Page 49
Professional Associations and Ethical Standards……Page 50
Educational Curricula……Page 51
IT Auditor Profile: Experience and Skills……Page 52
Management Consulting Firms……Page 53
Conclusion……Page 54
Exercises……Page 55
Further Reading……Page 56
IT Crimes and Cyberattacks……Page 58
Federal Financial Integrity Legislation—Sarbanes–Oxley Act of 2002……Page 62
PCAOB……Page 63
Auditor Independence Rules and Corporate Governance Standards……Page 64
Federal Security Legislation……Page 65
Computer Security Act of 1987……Page 66
Homeland Security Act of 2002……Page 67
Federal Information Security Management Act of 2002……Page 68
Privacy Legislation……Page 69
Electronic Communications Privacy Act of 1986……Page 70
Health Insurance Portability and Accountability Act of 1996……Page 71
The Health Information Technology for Economic and Clinical Health of 2009……Page 72
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act) of 2001……Page 73
State Laws……Page 74
International Privacy Laws……Page 79
Review Questions……Page 82
Further Reading……Page 83
Audit Universe……Page 86
COBIT……Page 87
Risk Assessment……Page 90
Audit Plan……Page 91
Objectives and Context……Page 95
IT Audits Conducted to Support Financial Statement Audits……Page 96
Audit Team, Tasks, and Deadlines……Page 97
Preliminary Review……Page 105
General Information about IT Environment……Page 106
Identifying Financial Applications……Page 107
Test Controls……Page 108
Substantive Testing……Page 110
Audit Findings……Page 112
Communication……Page 113
Enterprise Architecture……Page 118
Conclusion……Page 119
Exercises……Page 120
Further Reading……Page 122
4 Tools and Techniques Used in Auditing IT……Page 124
Audit Planning and Tracking……Page 125
Data Management, Electronic Working Papers, and Groupware……Page 126
System Documentation Techniques to Understand Application Systems……Page 128
Flowcharting as an Audit Analysis Tool……Page 130
Identifying Documents and Their Flow through the System……Page 131
Assessing Controls over Documents……Page 133
Appropriateness of Flowcharting Techniques……Page 134
Computer-Assisted Audit Techniques (CAATs)……Page 136
Data Analysis……Page 137
Random Attribute Sampling and Variable Sampling……Page 140
Audit Command Language (ACL)……Page 142
Step 3: Verifying the Integrity of the Data……Page 145
Spreadsheet Controls……Page 146
CAATs for Operational Reviews……Page 147
Auditing Around the Computer Versus Auditing Through the Computer……Page 148
Conclusion……Page 152
Exercises……Page 153
Further Reading……Page 155
SECTION II: PLANNING AND ORGANIZATION……Page 158
5 IT Governance and Strategy……Page 160
IT Governance—Alignment of IT with Business Objectives……Page 161
COBIT……Page 162
ISO/IEC 27002……Page 163
IT Performance Metrics……Page 164
IT-Generated Business Value……Page 166
End-User Service Satisfaction……Page 167
Steps in Building an IT Balanced Scorecard……Page 168
Regulatory Compliance and Internal Controls……Page 171
IT Strategy……Page 172
IT Steering Committee……Page 173
Communication……Page 174
Operational Planning……Page 175
Technical Review……Page 176
Conclusion……Page 177
Exercises……Page 178
Further Reading……Page 179
Risk Management……Page 182
Enterprise Risk Management—Integrated Framework……Page 184
Objective Setting……Page 185
Risk Assessment……Page 186
Risk Response……Page 187
Control Activities……Page 188
Information and Communication……Page 189
Risk Assessment……Page 190
Available Guidance……Page 191
ISO/IEC……Page 192
National Institute of Standards and Technology (NIST)……Page 193
American Institute of Certified Public Accountants (AICPA)……Page 194
ISACA……Page 195
Committee of Sponsoring Organizations of the Treadway Commission (COSO)……Page 196
IT Risks Typically Insured……Page 197
Reduction and Retention of Risks……Page 198
Conclusion……Page 199
Review Questions……Page 200
Further Reading……Page 201
Project Management……Page 204
Project Management Standards, Leading Authorities, and Methodologies……Page 206
Planning……Page 211
Oversight and Tracking……Page 215
Project Management Tools……Page 217
Project Management Certification……Page 218
Program Management……Page 219
Risk Assessment……Page 220
Audit Plan……Page 221
Big Data Project Management……Page 222
Review Questions……Page 224
Exercises……Page 225
Further Reading……Page 226
System Development Life Cycle……Page 228
Planning……Page 229
Development……Page 230
Testing……Page 232
Implementation……Page 235
Data Conversion and Cleanup Processes……Page 236
IT Disaster Plan……Page 237
Support……Page 238
Operations and Maintenance……Page 239
Additional Risks and Associated Controls Related to the SDLC Phases……Page 241
Agile System Development……Page 242
Joint Application Development……Page 245
Prototyping and Rapid Application Development……Page 246
Lean Software Development……Page 247
End-User Development……Page 248
IT Auditor’s Involvement in System Development and Implementation……Page 250
Audit Plan……Page 251
Auditor Task: System Analysis and Requirements……Page 252
Auditor Task: Testing……Page 253
Auditor Task: Operations and Maintenance……Page 254
Communication……Page 259
Conclusion……Page 260
Exercises……Page 261
Further Reading……Page 263
SECTION III: AUDITING IT ENVIRONMENT……Page 266
Application System Risks……Page 268
Inaccurate Information……Page 270
Inaccurate or Incomplete Output……Page 271
End-User Development Application Risks……Page 272
Absence of Segregation of Duties……Page 273
Lack of Back-Up and Recovery Options……Page 274
Destruction of Information by Computer Viruses……Page 275
Risks to Systems Exchanging Electronic Business Information……Page 276
Standards for EDI Audit Assessments……Page 278
Web Application Risks……Page 279
Application Controls……Page 280
Accuracy……Page 281
Completeness……Page 282
Accuracy and Completeness……Page 283
Output Controls……Page 285
IT Auditor’s Involvement……Page 286
Audit Plan……Page 287
Conclusion……Page 288
Exercises……Page 289
Further Reading……Page 290
10 Change Control Management……Page 292
Change Control Management Process……Page 293
Change Request Form……Page 294
Controls……Page 296
Maintenance Changes……Page 297
Software Distribution……Page 298
Change Control Management Boards or Committees……Page 299
Criteria for Approving Changes……Page 300
Points of Change Origination and Initiation……Page 301
Change Documentation……Page 302
Configuration Management……Page 303
Organizational Change Management……Page 304
Organizational Culture Defined……Page 305
Audit Involvement……Page 306
Review Questions……Page 309
Exercises……Page 310
Further Reading……Page 316
11 Information Systems Operations……Page 318
Data Processing……Page 319
Protection of Data Files and Programs……Page 321
Physical Security and Access Controls……Page 322
Environmental Controls……Page 323
Program and Data Backups……Page 324
Business Continuity Plan……Page 326
Disaster Recovery Plan……Page 327
DRP Components……Page 328
Audit Involvement in Information Systems Operations……Page 329
Audit of a DRP……Page 331
Conclusion……Page 332
Exercises……Page 337
Further Reading……Page 339
12 Information Security……Page 342
Information Security……Page 344
Enterprise Resource Planning (ERP)……Page 345
Mobile Device Management (MDM)……Page 346
Other Technology Systems Impacting the IT Environment……Page 347
Information Security Threats and Risks……Page 348
COBIT……Page 351
ISO/IEC 27002……Page 352
NIST……Page 354
Information Security Policy……Page 355
Information Security Roles and Responsibilities……Page 357
Third-Party Responsibilities……Page 358
Vulnerability Management……Page 359
Identity Management……Page 360
Selection and Testing of Information Security Controls……Page 361
Involvement in an Information Security Audit……Page 363
Conclusion……Page 365
Review Questions……Page 367
Exercises……Page 368
Further Reading……Page 369
13 Systems Acquisition, Service Management, and Outsourcing……Page 372
Defining System Requirements……Page 373
Identifying Alternatives……Page 374
Performing a Feasibility Analysis……Page 376
Carrying Out the Selection Process……Page 377
Procuring Selected Software……Page 380
Defined IT Services……Page 382
Design Services and Pricing……Page 383
Services Engagement and Delivery……Page 385
What to Measure……Page 386
How to Measure……Page 387
Service Management Tools……Page 388
Outsourcing IT Systems……Page 389
Auditing Service Organizations……Page 392
Conclusion……Page 394
Review Questions……Page 395
Exercises……Page 396
Further Reading……Page 397
Appendix 1: IT Planning Memo……Page 400
Appendix 2: Understanding the IT Environment……Page 406
Appendix 3: Sample IT Audit Programs for General Control IT Areas……Page 418
Appendix 4: ACL Best Practice Procedures for Testing Accounting Journal Entries……Page 438
Appendix 5: IT Risk Assessment Example Using NIST SP 800-30……Page 444
Appendix 6: Sample Change Control Management Policy……Page 462
Appendix 7: Sample Information Systems Operations Policy……Page 468
Appendix 8: Auditing End-User Computing Groups……Page 476
Appendix 9: Recommended Control Areas for Auditing Software Acquisitions……Page 480
Appendix 10: Glossary……Page 486
Index……Page 498

Recent Posts

5 tips for a good business blog

Follow my blog with BloglovinAre you also looking for a good structure for your business blogs? That you finally have a serious and good structure for all your texts that are online? On your website but also on social media. In this review you will find 5 tips from Susanna Florie from her…

Study tips from a budding engineer

“Why engineering?” is a question I get often. The answer for me is simple: I like to solve problems. Engineering is a popular field for many reasons. Perhaps this is because almost everything around us is created by engineers in one way or another, and there are always new, emerging and exciting technologies impacting…

How do I study mathematics and pass my exam?

Not sure how best to study math ? Are you perhaps someone who starts studying the day before the exam? Then you know yourself that your situation is not the most ideal. Unfortunately, there is no magic bullet to make you a maths crack or pass your exam in no time . It is important to know that mathematics always builds on…

(0)
×