Auditor's Guide to IT Auditing, + Software Demo, 2nd Edition

  • Author:
  • Publisher: John Wiley & Sons
  • ISBN: 9781118147610
  • Published In: March 2012
  • Format: Hardback, 456 pages
  • Jurisdiction: International or US (Disclaimer: Country(ies) stated herein are used as reference only)

Details

Step-by-step guide to successful implementation and control of IT systems—including the Cloud

Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

  • Follows the approach used by the Information Systems Audit and Control Association's model curriculum, making this book a practical approach to IS auditing
  • Serves as an excellent study guide for those preparing for the CISA and CISM exams
  • Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud

As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

Preface

Part I IT Audit Process

Chapter 1 Technology and Audit

Technology And Audit

Batch And On-Line Systems

Electronic Data Interchange

Electronic Business

Cloud Computing

Chapter 2 IT Audit Function Knowledge

Information Technology Auditing

What Is Management?

Management Process

Understanding The Organization's Business

Establishing The Needs

Identifying Key Activities

Establish Performance Objectives

Decide The Control Strategies

Implement And Monitor The Controls

Executive Management's Responsibility And Corporate Governance

Audit Role

Conceptual Foundation

Professionalism Within The IT Auditing Function

Relationship Of Internal IT Audit To The External Auditor

Relationship Of IT Audit To Other Company Audit Activities

Audit Charter

Charter Content

Outsourcing The IT Audit Activity

Regulation, Control, And Standards

Chapter 3 IT Risk and Fundamental Auditing Concepts

Computer Risks And Exposures

Effect Of Risk

Audit And Risk

Audit Evidence

Conducting An IT Risk Assessment Process

NIST SP 800-30 Framework

ISO 27005

The “Cascarino Cube”

Networking Communications

Reliability Of Audit Evidence

Audit Evidence Procedures

Responsibilities For Fraud Detection And Prevention

Chapter 4 Standards and Guidelines for IT Auditing

IIA Standards

Code of Ethics

Advisory

Aids

Standards For The Professional Performance Of Internal Auditing

ISACA Standards

ISACA Code of Ethics

COSO: Internal Control Standards

BS 7799 and ISO 17799: IT Security

NIST

BSI Baselines

Chapter 5 Internal Controls Concepts Knowledge

Internal Controls

Cost/Benefit Considerations

Internal Control Objectives

Types Of Internal Controls

Systems Of Internal Control

Elements Of Internal Control

Manual And Automated Systems

Control Procedures

Application Controls

Control Objectives And Risks

General Control Objectives

Data And Transactions Objectives

Program Control Objectives

Corporate IT Governance

COSO And Information Technology

Governance Frameworks

Chapter 6 Risk Management of the IT Function

Nature Of Risk

Risk Analysis Software

Auditing In General

Elements Of Risk Analysis

Defining The Audit Universe

Computer System Threats

Risk Management

Chapter 7 Audit Planning Process

Benefits Of An Audit Plan

Structure Of The Plan

Types Of Audit

Chapter 8 Audit Management

Planning

Audit Mission

IT Audit Mission

Organization Of The Function

Staffing

IT Audit As A Support Function

Planning

Business Information Systems

Integrated IT Auditor Vs Integrated IT Audit

Auditees As Part Of The Audit Team

Application Audit Tools

Advanced Systems

Specialist Auditor

IT Audit Quality Assurance

Chapter 9 Audit Evidence Process

Audit Evidence

Audit Evidence Procedures

Criteria For Success

Statistical Sampling

Why Sample?

Judgmental (Or Non-Statistical) Sampling

Statistical Approach

Sampling Risk

Assessing Sampling Risk

Planning A Sampling Application

Calculating Sample Size

Quantitative Methods

Project Scheduling Techniques

Simulations

Computer Assisted Audit Solutions

Generalized Audit Software

Application And Industry-Related Audit Software

Customized Audit Software

Information Retrieval Software

Utilities

On-Line Inquiry

Conventional Programming Languages

Microcomputer-Based Software

Test Transaction Techniques

Chapter 10 Audit Reporting Follow-up

Audit Reporting

Interim Reporting

Closing Conferences

Written Reports

Clear Writing Techniques

Preparing To Write

Basic Audit Report

Executive Summary

Detailed Findings

Polishing The Report

Distributing The Report

Follow-Up Reporting

Types Of Follow-Up Action

Part II Information Technology Governance

Chapter 11 Management

IT Infrastructures

Project-Based Functions

Quality Control

Operations And Production

Technical Services

Performance Measurement And Reporting

Measurement Implementation

Chapter 12 Strategic Planning

Strategic Management Process

Strategic Drivers

New Audit Revolution

Leveraging IT

Business Process Re-Engineering Motivation

IT As An Enabler Of Re-Engineering

Dangers Of Change

System Models

Information Resource Management

Strategic Planning For IT

Decision Support Systems

Steering Committees

Strategic Focus

Auditing Strategic Planning

Design The Audit Procedures

Chapter 13 Management Issues

Privacy

Copyrights, Trademarks, And Patents

Ethical Issues

Corporate Codes Of Conduct

IT Governance

Sarbanes-Oxley Act

Payment Card Industry Data Security Standards

Housekeeping

Chapter 14 Support Tools and Frameworks

General Frameworks

COSO: Internal Control Standards

Other Standards

Governance Frameworks

Chapter 15 Governance Techniques

Change Control

Problem Management

Auditing Change Control

Operational Reviews

Performance Measurement

ISO 9000 Reviews

Part III Systems and Infrastructure Lifecycle Management

Chapter 16 Information Systems Planning

Stakeholders

Operations

Systems Development

Technical Support

Other System Users

Segregation Of Duties

Personnel Practices

Object-Oriented Systems Analysis

Enterprise Resource Planning

Cloud Computing

Chapter 17 Information Management and Usage

What Are Advanced Systems?

Service Delivery And Management

Computer Assisted Audit Tools And Techniques

Chapter 18 Development, Acquisition, and Maintenance of Information Systems

Programming Computers

Program Conversions

System Failures

Systems Development Exposures

Systems Development Controls

Systems Development Life Cycle Control: Control Objectives

Micro-Based Systems

Cloud Computing Applications

Chapter 19 Impact of Information Technology on the Business Processes and Solutions

Impact

Continuous Monitoring

Business Process Outsourcing

E-Business

Chapter 20 Software Development

Developing A System

Change Control

Why Do Systems Fail?

Auditor's Role In Software Development

Chapter 21 Audit and Control of Purchased Packages and Services

IT Vendors

Request For Information

Requirements Definition

Request For Proposal

Installation

Systems Maintenance

Systems Maintenance Review

Outsourcing

SAS 70 Reports

Chapter 22 Audit Role in Feasibility Studies and Conversions

Feasibility Success Factors

Conversion Success Factors

Chapter 23 Audit and Development of Application Controls

What Are Systems?

Classifying Systems

Controlling Systems

Control Stages

System Models

Information Resource Management

Control Objectives Of Business Systems

General Control Objectives

CAATs And Their Role In Business Systems Auditing

Common Problems

Audit Procedures

CAAT Use In Non-Computerized Areas

Designing An Appropriate Audit Program

Part IV Information Technology Service Delivery and Support

Chapter 24 Technical Infrastructure

Auditing The Technical Infrastructure

Infrastructure Changes

Computer Operations Controls

Operations Exposures

Operations Controls

Personnel Controls

Supervisory Controls

Information Security

Operations Audits

Chapter 25 Service Center Management

Private Sector Preparedness (PS Prep)

Continuity Management and Disaster Recovery

Managing Service Center Change

Part V Protection of Information Assets

Chapter 26 Information Assets Security Management

What Is Information Systems Security?

Control Techniques

Workstation Security

Physical Security

Logical Security

User Authentication

Communications Security

Encryption

How Encryption Works

Encryption Weaknesses

Potential Encryption

Data Integrity

Double Public Key Encryption

Steganography

Information Security Policy

Chapter 27 Logical Information Technology Security

Computer Operating Systems

Tailoring The Operating System

Auditing The Operating System

Security

Criteria

Security Systems: Resource Access Control Facility

Auditing RACF

Access Control Facility 2

Top Secret

User Authentication

Bypass Mechanisms

Security Testing Methodologies

Chapter 28 Applied Information Technology Security

Communications And Network Security

Network Protection

Hardening The Operating Environment

Client Server And Other Environments

Firewalls And Other Protection Resources

Intrusion Detection Systems

Chapter 29 Physical and Environmental Security

Control Mechanisms

Implementing The Controls

Part VI Business Continuity and Disaster Recovery

Chapter 30 Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning

Risk Reassessment

Disaster—Before and After

Consequences Of Disruption

Where To Start

Testing The Plan

Auditing The Plan

Chapter 31 Displacement Control

Insurance

Self-Insurance

Part VII Advanced IT Auditing

Chapter 32 Auditing E-commerce Systems

E-Commerce And Electronic Data Interchange: What Is IT?

Opportunities And Threats

Risk Factors

Threat List

Security Technology

“Layer” Concept

Authentication

Encryption

Trading Partner Agreements

Risks And Controls Within EDI And E-Commerce

E-Commerce And Auditability

Compliance Auditing

E-Commerce Audit Approach

Audit Tools And Techniques

Auditing Security Control Structures

Computer Assisted Audit Techniques

Chapter 33 Auditing UNIX/Linux

History

Security And Control In A Unix/Linux System

Architecture

Unix Security

Services

Daemons

Auditing Unix

Scrutiny Of Logs

Audit Tools In The Public Domain

Unix Passwd File

Auditing Unix Passwords

Chapter 34 Auditing Windows VISTA and Windows 7

History

NT And Its Derivatives

Auditing Windows Vista/Windows 7

Password Protection

Vista/Windows 7

Security Checklist

Chapter 35 Foiling the System Hackers

Chapter 36 Preventing and Investigating Information Technology Fraud

Preventing Fraud

Investigation

Identity Theft

Appendices

Appendix A Ethics and Standards for the IS Auditor

ISACA Code Of Professional Ethics

Relationship Of Standards To Guidelines And Procedures

Appendix B Audit Program for Application Systems Auditing

Appendix C Logical Access Control Audit Program

Appendix D Audit Program for Auditing UNIX/Linux Environments

Appendix E Audit Program for Auditing Windows VISTA and Windows 7 Environments

About the Author

About the Website

Index

Richard E. Cascarino, MBA, CIA, CISA, CISM, is a consultant and lecturer with over thirty years’ experience in internal, forensic, risk, and computer auditing. He is Managing Director of Richard Cascarino & Associates, a successful audit training and consultancy company. For the last twenty-five years, they have been providing consultancy and professional development services to clients throughout the southern African region as well as Europe, the Middle East, and the United States. He is a past president of the Institute of Internal Auditors South Africa (IIA SA), was the founding Regional Director of the Southern African Region of the IIA Inc., and is a member of both the Information Systems Audit and Control Association and the Association of Certified Fraud Examiners.
