{"product_id":"understanding-and-conducting-information-systems-auditing-isbn-9781118343746","title":"Understanding and Conducting Information Systems Auditing","description":"\u003cb\u003eA comprehensive guide to understanding and auditing modern information systems\u003c\/b\u003e  \u003cp\u003eThe increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. \u003ci\u003eUnderstanding and Conducting Information Systems Auditing\u003c\/i\u003e brings together resources with audit tools and techniques to solve this problem.\u003c\/p\u003e \u003cp\u003eFeaturing examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. 
In addition, it also introduces the concept of information security grading, to help readers to implement practical changes and solutions in their organizations.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eIncludes everything needed to perform information systems audits\u003c\/li\u003e \u003cli\u003eOrganized into two sections—the first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits\u003c\/li\u003e \u003cli\u003eFeatures examples designed to appeal to a global audience\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eTaking a non-technical approach that makes it accessible to readers of all backgrounds, \u003ci\u003eUnderstanding and Conducting Information Systems Auditing\u003c\/i\u003e is an essential resource for anyone auditing information systems.\u003c\/p\u003e \u003cp\u003ePreface xi\u003c\/p\u003e \u003cp\u003eAcknowledgments xv\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePART ONE: CONDUCTING AN INFORMATION SYSTEMS AUDIT 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: Overview of Systems Audit 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInformation Systems Audit 3\u003c\/p\u003e \u003cp\u003eInformation Systems Auditor 4\u003c\/p\u003e \u003cp\u003eLegal Requirements of an Information Systems Audit 4\u003c\/p\u003e \u003cp\u003eSystems Environment and Information Systems Audit 7\u003c\/p\u003e \u003cp\u003eInformation System Assets 8\u003c\/p\u003e \u003cp\u003eClassification of Controls 9\u003c\/p\u003e \u003cp\u003eThe Impact of Computers on Information 12\u003c\/p\u003e \u003cp\u003eThe Impact of Computers on Auditing 14\u003c\/p\u003e \u003cp\u003eInformation Systems Audit Coverage 15\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Hardware Security Issues 17\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHardware Security Objective 17\u003c\/p\u003e \u003cp\u003ePeripheral Devices and Storage Media 22\u003c\/p\u003e 
\u003cp\u003eClient-Server Architecture 23\u003c\/p\u003e \u003cp\u003eAuthentication Devices 24\u003c\/p\u003e \u003cp\u003eHardware Acquisition 24\u003c\/p\u003e \u003cp\u003eHardware Maintenance 26\u003c\/p\u003e \u003cp\u003eManagement of Obsolescence 27\u003c\/p\u003e \u003cp\u003eDisposal of Equipment 28\u003c\/p\u003e \u003cp\u003eProblem Management 29\u003c\/p\u003e \u003cp\u003eChange Management 30\u003c\/p\u003e \u003cp\u003eNetwork and Communication Issues 31\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: Software Security Issues 41\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview of Types of Software 41\u003c\/p\u003e \u003cp\u003eElements of Software Security 47\u003c\/p\u003e \u003cp\u003eControl Issues during Installation and Maintenance 53\u003c\/p\u003e \u003cp\u003eLicensing Issues 55\u003c\/p\u003e \u003cp\u003eProblem and Change Management 56\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Information Systems Audit Requirements 59\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRisk Analysis 59\u003c\/p\u003e \u003cp\u003eThreats, Vulnerability, Exposure, Likelihood, and Attack 61\u003c\/p\u003e \u003cp\u003eInformation Systems Control Objectives 61\u003c\/p\u003e \u003cp\u003eInformation Systems Audit Objectives 62\u003c\/p\u003e \u003cp\u003eSystem Effectiveness and Efficiency 63\u003c\/p\u003e \u003cp\u003eInformation Systems Abuse 63\u003c\/p\u003e \u003cp\u003eAsset Safeguarding Objective and Process 64\u003c\/p\u003e \u003cp\u003eEvidence Collection and Evaluation 65\u003c\/p\u003e \u003cp\u003eLogs and Audit Trails as Evidence 67\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Conducting an Information Systems Audit 71\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAudit Program 71\u003c\/p\u003e \u003cp\u003eAudit Plan 72\u003c\/p\u003e \u003cp\u003eAudit Procedures and Approaches 75\u003c\/p\u003e \u003cp\u003eSystem Understanding and Review 77\u003c\/p\u003e \u003cp\u003eCompliance Reviews and Tests 77\u003c\/p\u003e 
\u003cp\u003eSubstantive Reviews and Tests 80\u003c\/p\u003e \u003cp\u003eAudit Tools and Techniques 81\u003c\/p\u003e \u003cp\u003eSampling Techniques 84\u003c\/p\u003e \u003cp\u003eAudit Questionnaire 85\u003c\/p\u003e \u003cp\u003eAudit Documentation 86\u003c\/p\u003e \u003cp\u003eAudit Report 87\u003c\/p\u003e \u003cp\u003eAuditing Approaches 89\u003c\/p\u003e \u003cp\u003eSample Audit Work-Planning Memo 91\u003c\/p\u003e \u003cp\u003eSample Audit Work Process Flow 93\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Risk-Based Systems Audit 101\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eConducting a Risk-Based Information Systems Audit 101\u003c\/p\u003e \u003cp\u003eRisk Assessment 104\u003c\/p\u003e \u003cp\u003eRisk Matrix 105\u003c\/p\u003e \u003cp\u003eRisk and Audit Sample Determination 107\u003c\/p\u003e \u003cp\u003eAudit Risk Assessment 109\u003c\/p\u003e \u003cp\u003eRisk Management Strategy 112\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Business Continuity and Disaster Recovery Plan 115\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBusiness Continuity and Disaster Recovery Process 115\u003c\/p\u003e \u003cp\u003eBusiness Impact Analysis 116\u003c\/p\u003e \u003cp\u003eIncident Response Plan 118\u003c\/p\u003e \u003cp\u003eDisaster Recovery Plan 119\u003c\/p\u003e \u003cp\u003eTypes of Disaster Recovery Plans 120\u003c\/p\u003e \u003cp\u003eEmergency Preparedness Audit Checklist 121\u003c\/p\u003e \u003cp\u003eBusiness Continuity Strategies 122\u003c\/p\u003e \u003cp\u003eBusiness Resumption Plan Audit Checklist 123\u003c\/p\u003e \u003cp\u003eRecovery Procedures Testing Checklist 126\u003c\/p\u003e \u003cp\u003ePlan Maintenance Checklist 126\u003c\/p\u003e \u003cp\u003eVital Records Retention Checklist 127\u003c\/p\u003e \u003cp\u003eForms and Documents 128\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Auditing in the E-Commerce Environment 147\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 147\u003c\/p\u003e 
\u003cp\u003eObjectives of an Information Systems Audit in the E-Commerce Environment 148\u003c\/p\u003e \u003cp\u003eGeneral Overview 149\u003c\/p\u003e \u003cp\u003eAuditing E-Commerce Functions 150\u003c\/p\u003e \u003cp\u003eE-Commerce Policies and Procedures Review 155\u003c\/p\u003e \u003cp\u003eImpact of E-Commerce on Internal Control 155\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Security Testing 159\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCybersecurity 159\u003c\/p\u003e \u003cp\u003eCybercrimes 160\u003c\/p\u003e \u003cp\u003eWhat Is Vulnerable to Attack? 162\u003c\/p\u003e \u003cp\u003eHow Cyberattacks Occur 162\u003c\/p\u003e \u003cp\u003eWhat Is Vulnerability Analysis? 165\u003c\/p\u003e \u003cp\u003eCyberforensics 168\u003c\/p\u003e \u003cp\u003eDigital Evidence 170\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Case Study: Conducting an Information Systems Audit 173\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImportant Security Issues in Banks 174\u003c\/p\u003e \u003cp\u003eImplementing an Information Systems Audit at a Bank Branch 180\u003c\/p\u003e \u003cp\u003eSpecial Considerations in a Core Banking System 185\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePART TWO: INFORMATION SYSTEMS AUDITING CHECKLISTS 197\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11: ISecGrade Auditing Framework 199\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 199\u003c\/p\u003e \u003cp\u003eLicensing and Limitations 200\u003c\/p\u003e \u003cp\u003eMethodology 200\u003c\/p\u003e \u003cp\u003eDomains 200\u003c\/p\u003e \u003cp\u003eGrading Structure 202\u003c\/p\u003e \u003cp\u003eSelection of Checklist 203\u003c\/p\u003e \u003cp\u003eFormat of Audit Report 206\u003c\/p\u003e \u003cp\u003eUsing the Audit Report Format 207\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12: ISecGrade Checklists 209\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChecklist Structure 209\u003c\/p\u003e \u003cp\u003eInformation Systems Audit Checklists 
210\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13: Session Quiz 281\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChapter 1: Overview of Systems Audit 281\u003c\/p\u003e \u003cp\u003eChapter 2: Hardware Security Issues 284\u003c\/p\u003e \u003cp\u003eChapter 3: Software Security Issues 286\u003c\/p\u003e \u003cp\u003eChapter 4: Information Systems Audit Requirements 288\u003c\/p\u003e \u003cp\u003eChapter 5: Conducting an Information Systems Audit 290\u003c\/p\u003e \u003cp\u003eChapter 6: Risk-Based Systems Audit 293\u003c\/p\u003e \u003cp\u003eChapter 7: Business Continuity and Disaster Recovery Plan 294\u003c\/p\u003e \u003cp\u003eChapter 8: Auditing in an E-Commerce Environment 296\u003c\/p\u003e \u003cp\u003eChapter 9: Security Testing 297\u003c\/p\u003e \u003cp\u003eAbout the Authors 299\u003c\/p\u003e \u003cp\u003eAbout the Website 301\u003c\/p\u003e \u003cp\u003eIndex 303\u003c\/p\u003e \u003cp\u003e\u003cb\u003eVEENA HINGARH\u003c\/b\u003e is Joint Director of the South Asian Management Technologies Foundation, a center for research, training, and application in the areas of finance and risk management, which provides training in areas including IS auditing, enterprise risk management, and risk modeling. Winner of numerous merit-based awards during her career, Hingarh’s major areas of focus are IFRS and IS. She speaks frequently at conferences and platforms throughout Asia and the Middle East. Hingarh is a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI), Certified Company Secretary of the Institute of Company Secretaries of India (ICSI), and Certified Information System Auditor (CISA) from ISACA (USA).\u003c\/p\u003e \u003cp\u003e\u003cb\u003eARIF AHMED\u003c\/b\u003e is a professor at and Director of the South Asian Management Technologies Foundation as well as a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI). 
He is an Information Security Management System Lead Auditor for the British Standards Institution. Ahmed’s areas of focus are finance and risk management, and he has over two decades of postqualification experience in training and strategic consulting. He has been interviewed and quoted throughout the media and has spoken at various seminars and institutions, including the Institute of Chartered Accountants of India, XLRI, and the Institute of Company Secretaries of India.  \u003c\/p\u003e\u003cp\u003eThe increased dependence on information systems assets for performing critical functions of an organization has enhanced the need for using an information systems audit as a control to ensure confidentiality, integrity, and availability of information systems resources. But in order to achieve these goals, auditors in this field face some difficult challenges, including the absence of a standardized audit approach and the lack of relevant checklists.\u003c\/p\u003e \u003cp\u003eAs experts in the information systems arena, authors Veena Hingarh and Arif Ahmed are quite familiar with these important issues. And now, with \u003ci\u003eUnderstanding and Conducting Information Systems Auditing,\u003c\/i\u003e they share their valuable insights with you. \u003c\/p\u003e\u003cp\u003eDivided into two comprehensive parts, this practical guide focuses on the subject of information systems audit as one driven by management—not technology. \u003c\/p\u003e\u003cp\u003e\u003cb\u003ePart One\u003c\/b\u003e skillfully provides the knowledge that all information systems auditors must have to effectively perform their job. The ten chapters included here progressively build up your competence for conducting a real-life information systems audit as they cover everything from hardware and software security issues to business continuity and disaster recovery plans. 
\u003c\/p\u003e\u003cp\u003e\u003cb\u003ePart Two\u003c\/b\u003e of the book explains the process involved in conducting an ISecGrade audit for awarding security grade to an auditee and contains forty domain-specific checklists under the ISecGrade methodology—a proprietary open source information systems audit methodology developed by the South Asian Management Technologies Foundation. Various checklists, regulatory guidelines, and best practice standards were consulted to develop these checklists as well as the authors’ personal experiences with conducting information systems audits. \u003c\/p\u003e\u003cp\u003eComplete with the most up-to-date information you need to understand the subject, definitions of technical terms, checklists to conduct audits, and a session quiz to review the level of your understanding, this book is an indispensable resource for the information systems practitioner and aspiring professional. \u003c\/p\u003e\u003cp\u003eEngaging and accessible, \u003ci\u003eUnderstanding and Conducting Information Systems Auditing\u003c\/i\u003e  will help you make information technology installation across the world more secure.  \u003c\/p\u003e\u003cp\u003eUNDERSTANDING \u003csmall\u003eAND\u003c\/small\u003e CONDUCTING INFORMATION SYSTEMS AUDITING\u003c\/p\u003e \u003cp\u003e“This comprehensive book forms a basis for new auditors as well as experienced auditors working within an IT environment.  Covering, as it does, such aspects as hardware and software security, the conducting of an information systems risk-based audit, as well as business continuity and disaster recovery planning, it acts as a reference manual as well as an instruction manual.  
Some of the focal areas such as security testing and vulnerability analysis are of particular benefit to the auditor, and the inclusion of ISecGrade Checklists makes this a must-have addition to any IT auditor’s library.” \u003c\/p\u003e\u003cp\u003e\u003cb\u003e—Richard Cascarino,\u003c\/b\u003e MBA, CIA, CRMA, CFE, CISM \u003c\/p\u003e\u003cp\u003e“Network security among organizations remains a major challenge in the evolution of the digital economy. If it were simply a technology issue the organizations could rely on IT engineers to deploy marvels of technological excellence. But ensuring continuous security is more than a mere technical matter.  The authors, who are an extraordinary blend of accounting professionals with rich international experience and network security experts (CISA certified), have superbly deployed their own professional expertise to bring out a practical guide to organizational security in the digital economy. Like a master blender they have provided a rich interdisciplinary perspective with centrality of managerial responsibility. The central theme is that both technological design and managerial systems must continuously evolve in tandem. The book will be an invaluable guide for such organizations that are looking to enhance their management control systems and dynamically evolve along with technological change.”  \u003c\/p\u003e\u003cp\u003e\u003cb\u003e—Anil Rawat,\u003c\/b\u003e PhD, Director, Institute of Business Management \u0026amp; Technology; Director, International Academy for Knowledge, Innovation \u0026amp; Technology Management, Bangalore \u003c\/p\u003e\u003cp\u003e“A balanced and practical book that covers all the key elements of information security. 
While it is an ideal reference for IS\/IT managers, auditors, and chartered accountants, the book does not lose relevance for the practitioners of IS, and keeps up to the demands of business and industry by addressing current management and auditing techniques of information security. The templates available in the book are especially useful for quick, out-of-the-box implementation of an in-house or external IS audit. It’s a reference book, practitioner’s handbook, and a textbook on IS audit rolled into one!” \u003c\/p\u003e\u003cp\u003e\u003cb\u003e—Mridul Banerjee,\u003c\/b\u003e CISM, CRISC \u003c\/p\u003e\u003cp\u003e“The authors provide an excellent overview of the information systems audit process, with an emphasis on today’s evolving newer technologies and issues, such as performing audits in an e-commerce environment and systems security testing.  The book is particularly strong in providing good, precise definitions and the audit implications for many of the technology concepts—such as routers, thin clients, or cloud computing—that are frequently used by information system auditors but where accurate definitions are often difficult. This kind of information helps both information system auditing newcomers and experienced professionals. \u003c\/p\u003e\u003cp\u003eIn addition to a wide range of information systems auditing and risk-based materials, the book has a large section of detailed information systems audit checklists that can be tailored to many environments. The book is an excellent resource for the information systems audit professional.” \u003c\/p\u003e\u003cp\u003e\u003cb\u003e—Robert R. 
Moeller,\u003c\/b\u003e CPA, CISA, CISSP, author of multiple books on internal auditing, risk management, and IT governance\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990426632421,"sku":"NP9781118343746","price":113.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118343746.jpg?v=1761787781","url":"https:\/\/k12savings.com\/es\/products\/understanding-and-conducting-information-systems-auditing-isbn-9781118343746","provider":"K12savings","version":"1.0","type":"link"}