The Basics of IT Audit : Purposes, Processes, and Practical Information.

Ebook Central College Complete Available online

Format:
Book
Author/Creator:
Gantz, Stephen D.
Language:
English
Subjects (All):
Information technology--Auditing.
Information technology - Auditing.
Physical Description:
1 online resource (271 pages)
Edition:
1st ed.
Place of Publication:
San Diego : Elsevier Science & Technology Books, 2013.
Contents:
Front Cover
The Basics of IT Audit
Copyright Page
Contents
Acknowledgments
About the Author
About the Technical Editor
Trademarks
Introduction
Information in this chapter:
Introduction to IT auditing
Purpose and rationale
Intended use
Key audiences
Structure and content
1 IT Audit Fundamentals
What is IT auditing?
Internal controls
What to audit
IT audit characteristics
Why audit?
Who gets audited?
Who does IT auditing?
External auditors
Internal auditors
IT auditor development paths
Relevant source material
Summary
References
2 Auditing in Context
IT governance
The role of IT audit in governance
Risk management
Risk management components
The role of IT audit in risk management
Compliance and certification
Managing compliance and certification
The role of IT audit in compliance and certification
Quality management and quality assurance
The role of IT audit in quality management
Information security management
The role of IT audit in information security management
3 Internal Auditing
Internal audit as an organizational capability
Independence and objectivity
Establishing the IT audit program
Internal audit program charter
Internal audit program responsibilities
Benefits of internal IT auditing
Internal audit challenges
4 External Auditing
Operational aspects of external audits
Roles and responsibilities for external auditing
Independence in external auditing
Organizational participation in external audits
External IT audit drivers and rationale
External audit benefits
Advantages compared to internal audits
Regulatory auditors
Certifying organizations
External audit challenges
5 Types of Audits
Financial audits
Cost accounting
Programmatic audits
Operational audits
Operational audits of internal controls
Audits of policies, processes, and procedures
Program or project-focused operational audits
Certification audits
Service management
Security management
Quality management
Compliance audits
Legal compliance
Compliance with industry standards
Commercial standards
IT-specific audits
IT process maturity
Provision of IT services
Information systems controls
6 IT Audit Components
Establishing the scope of IT audits
Developing and maintaining the audit universe
Governance, risk, and compliance drivers
Audit strategy and prioritization
Types of controls
Control categorization
Organizational controls
Auditing different IT assets
IT component decomposition
Systems and applications
Databases
Operating systems
Hardware
Networks
Storage
Data centers
Virtualized environments
Interfaces
Auditing procedural controls or processes
IT operations
Program and project management
System development life cycle
Concept
Development
Production
Utilization
Support
Retirement
7 IT Audit Drivers
Laws and regulations
Securities industry laws and regulations
Securities and Exchange Commission laws and regulations
Sarbanes-Oxley Act of 2002
European Council Directive 2006/43/EC
Gramm-Leach-Bliley Act
Health industry-specific laws
Health Insurance Portability and Accountability Act
Health Information Technology for Economic and Clinical Health Act
International health data privacy protection laws
Security and privacy laws
European Council Directive 95/46/EC
Computer Fraud and Abuse Act
Electronic Communications Privacy Act
State security and privacy laws
Government sector laws
Federal Information Security Management Act
The Privacy Act
Certification standards
Quality certification
Information security
Operational effectiveness
Quality assurance and continuous improvement
8 IT Audit Processes
Audit planning
Audit preparation
Resource allocation
Preliminary data gathering
Audit procedures and protocols
Planning internal and external audits
Audit performance
Evidence collection
Analysis of evidence
Reporting findings
Using information in audit reports
Responding to audit results
Process life cycles and methodologies
9 Methodologies and Frameworks
Audit-specific methodologies and frameworks
Generally Accepted Auditing Standards
International Standards on Auditing
Committee of Sponsoring Organizations integrated framework
International Professional Practices Framework
International Organization for Standardization
IT governance and management frameworks
Control Objectives for Business and Related Information Technology
Information Technology Infrastructure Library
Government-focused audit methodologies
Federal Information System Controls Audit Manual
International Standards of Supreme Audit Institutions
Security control assessment frameworks
ISO/IEC 27000 series
NIST security control assessment guidance
References
10 Audit-Related Organizations, Standards, and Certifications
National and international perspectives
Auditing for legal or regulatory compliance
Audit-focused standards and certification organizations
American Institute of Certified Public Accountants
Audit standards
AICPA certifications
Institute of Internal Auditors
Certifications
International Organisation of Supreme Audit Institutions
International Federation of Accountants
Information Systems Audit and Control Association
Government Accountability Office
Auditors' oversight bodies
Organizations offering standards, guidance, or certifications relevant to IT auditing
SANS Institute
Software Engineering Institute
Institute of Electrical and Electronics Engineers
International Information Systems Security Certification Consortium
American Society for Quality
Open Web Application Security Project
Other standards and certifications
Computer forensics and penetration testing
Acronyms
Acronyms and abbreviations
Index.
Notes:
Description based on publisher supplied metadata and other sources.
Other Format:
Print version: Gantz, Stephen D. The Basics of IT Audit
ISBN:
9780124171763
OCLC:
863823703
