Information Technology Control and Audit, Second Edition

ISBN 9780849320323
Cat# AU2032
 

Features

  • Provides a complete overview for beginning IT auditors on the mechanisms of auditing applications, development systems, and operations
  • Analyzes the use of the CobiT approach
  • Covers advanced topics in the audit of operations such as e-commerce, wireless technologies, and ERP systems and implementation
  • Discusses legal issues facing IT auditors as a result of HIPAA, Sarbanes-Oxley, and the Homeland Security Act
  • Includes an Instructor's Guide (with qualifying course adoption) that provides a complete map to teaching the course. It consists of course summary and objectives, analogies for chapter concepts, PowerPoint slides, and other supplementary materials
Summary

    Information Technology Control and Audit, Second Edition is an excellent introductory textbook for IT auditing. It covers a wide range of topics in the field including the audit process, the legal environment of IT auditing, security and privacy, and much more.

    This textbook first examines the foundation of IT audit and control, discussing what IT auditing involves and the guidance provided by organizations in dealing with control and auditability issues. It then analyzes the process of audit and review, explores IT governance and control, and discusses the CobiT framework and steps that align IT decisions with business strategy. This volume examines project management processes that ensure that projects are controlled from inception through integration.

    It continues by addressing auditing IT acquisition and implementation, describing risks and controls as related to the life cycle of application systems. It highlights the purchase and installation of new systems, as well as change management. The next section examines the auditing of IT operations in both standalone and global environments, covering types of IT operation, issues related to specific platforms, risk and control assessment, and audit methods and support tools.

    The textbook concludes with a review of emerging issues, providing undergraduate and graduate students with a thorough overview of a topic critical to organizational security and integrity.

    Table of Contents

    FOUNDATION FOR IT AUDIT AND CONTROL
    Information Technology Environment: Why are Controls and Audit Important?
    Audit and Review: Its Role in Information Technology
    The Audit Process in an Information Technology Environment
    Auditing Using Computer Assisted Audit Tools and Techniques

    AUDITING IT PLANNING AND ORGANIZATION
    Strategy and Standards
    Planning and Controlling
    Project Management
    Quality Management

    AUDITING IT ACQUISITION AND IMPLEMENTATION
    Software Acquisition
    Project Implementation
    Application Maintenance
    Change Management

    AUDITING IT OPERATIONS: FROM STANDALONE TO GLOBAL
    IT Operations Environments: Complexities and Control Issues
    Operational Control Issues
    Assessing Risk in IT Operations
    Audit Methods and Techniques for Operations
    Using Tools and Techniques In IT Operation Reviews

    EMERGING ISSUES IN IT AUDIT
    The Legal Environment and its Impact on Information Technology: From IT Crime Law to IT Contract Law to Netlaw
    Security and Privacy of Information Technology: Individual to the Intranet/Internet
    IT Auditing: Career Planning and Development, Evaluating Audit Quality and Best Practices
    IT Auditing in the New Millennium

    APPENDIXES
    IT Audit Cases
    Bibliography of Selected Publications for Information Technology Auditors
    Professional Standards and Guidance that apply to Information Technology
    Glossary
    Sample Audit Programs

    Editorial Reviews

    "The book is very useful for beginners as well as practitioners…[It] is well written and presented. Its practical implementation in the country of origin of the authors (USA) should provide resiliency to IT security in the emerging cyberworld."
    - Information Systems Control Journal, Vol. 4, 2005