{"product_id":"it-audit-control-and-security-isbn-9780471406761","title":"IT Audit, Control, and Security","description":"When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure. The only source for information on the combined areas of computer audit, control, and security, the \u003ci\u003eIT Audit, Control, and Security\u003c\/i\u003e describes the types of internal controls, security, and integrity procedures that management must build into its automated systems. This very timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats. \u003cp\u003eIntroduction xiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePART ONE: AUDITING INTERNAL CONTROLS IN AN IT ENVIRONMENT 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: SOx and the COSO Internal Controls Framework 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRoles and Responsibilities of IT Auditors 4\u003c\/p\u003e \u003cp\u003eImportance of Effective Internal Controls and COSO 6\u003c\/p\u003e \u003cp\u003eCOSO Internal Control Systems Monitoring Guidance 21\u003c\/p\u003e \u003cp\u003eSarbanes-Oxley Act 22\u003c\/p\u003e \u003cp\u003eWrapping It Up: COSO Internal Controls and SOx 31\u003c\/p\u003e \u003cp\u003eNotes 31\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Using CobiT to Perform IT Audits 32\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction to CobiT 33\u003c\/p\u003e \u003cp\u003eCobiT Framework 35\u003c\/p\u003e \u003cp\u003eUsing CobiT to Assess Internal Controls 39\u003c\/p\u003e \u003cp\u003eUsing CobiT in a SOx Environment 51\u003c\/p\u003e \u003cp\u003eCobiT Assurance Framework Guidance 54\u003c\/p\u003e \u003cp\u003eCobiT in Perspective 55\u003c\/p\u003e \u003cp\u003eNotes 55\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: IIA and ISACA Standards for the 
Professional Practice of Internal Auditing 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInternal Auditing’s International Professional Practice Standards 58\u003c\/p\u003e \u003cp\u003eContent of the IPPF and the IIA International Standards 61\u003c\/p\u003e \u003cp\u003eStrongly Recommended IIA Standards Guidance 75\u003c\/p\u003e \u003cp\u003eISACA IT Auditing Standards Overview 76\u003c\/p\u003e \u003cp\u003eCodes of Ethics: The IIA and ISACA 79\u003c\/p\u003e \u003cp\u003eNotes 81\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Understanding Risk Management Through COSO ERM 82\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRisk Management Fundamentals 83\u003c\/p\u003e \u003cp\u003eQuantitative Risk Analysis Techniques 92\u003c\/p\u003e \u003cp\u003eIIA and ISACA Risk Management Internal Audit Guidance 94\u003c\/p\u003e \u003cp\u003eCOSO ERM: Enterprise Risk Management 97\u003c\/p\u003e \u003cp\u003eIT Audit Risk and COSO ERM 113\u003c\/p\u003e \u003cp\u003eNotes 115\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Performing Effective IT Audits 117\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Audit and the Enterprise Internal Audit Function 118\u003c\/p\u003e \u003cp\u003eOrganizing and Planning IT Audits 122\u003c\/p\u003e \u003cp\u003eDeveloping and Preparing Audit Programs 127\u003c\/p\u003e \u003cp\u003eGathering Audit Evidence and Testing Results 132\u003c\/p\u003e \u003cp\u003eWorkpapers and Reporting IT Audit Results 142\u003c\/p\u003e \u003cp\u003ePreparing Effective IT Audits 148\u003c\/p\u003e \u003cp\u003eNotes 149\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePART TWO: AUDITING IT GENERAL CONTROLS 151\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: General Controls in Today’s IT Environments 153\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImportance of IT General Controls 154\u003c\/p\u003e \u003cp\u003eIT Governance General Controls 157\u003c\/p\u003e \u003cp\u003eIT Management General Controls 158\u003c\/p\u003e \u003cp\u003eIT 
Technical Environment General Controls 174\u003c\/p\u003e \u003cp\u003eNote 174\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Infrastructure Controls and ITIL Service\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eManagement Best Practices 175\u003c\/p\u003e \u003cp\u003eITIL Service Management Best Practices 176\u003c\/p\u003e \u003cp\u003eITIL’s Service Strategies Component 179\u003c\/p\u003e \u003cp\u003eITIL Service Design 181\u003c\/p\u003e \u003cp\u003eITIL Service Transition Management Processes 189\u003c\/p\u003e \u003cp\u003eITIL Service Operation Processes 194\u003c\/p\u003e \u003cp\u003eService Delivery Best Practices 198\u003c\/p\u003e \u003cp\u003eAuditing IT Infrastructure Management 199\u003c\/p\u003e \u003cp\u003eNote 200\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Systems Software and IT Operations General Controls 201\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Operating System Fundamentals 202\u003c\/p\u003e \u003cp\u003eFeatures of a Computer Operating System 206\u003c\/p\u003e \u003cp\u003eOther Systems Software Tools 209\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization 214\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding and Auditing IT Wireless Networks 215\u003c\/p\u003e \u003cp\u003eUnderstanding Cloud Computing 220\u003c\/p\u003e \u003cp\u003eStorage Management Virtualization 225\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePART THREE: AUDITING AND TESTING IT APPLICATION CONTROLS 227\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Selecting, Testing, and Auditing IT Applications 229\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Application Control Elements 230\u003c\/p\u003e \u003cp\u003eSelecting Applications for IT Audit Reviews 239\u003c\/p\u003e \u003cp\u003ePerforming an Applications Controls Review: Preliminary Steps 242\u003c\/p\u003e \u003cp\u003eCompleting the IT Applications Controls Audit 249\u003c\/p\u003e 
\u003cp\u003eApplication Review Case Study: Client-Server Budgeting System 255\u003c\/p\u003e \u003cp\u003eAuditing Applications under Development 258\u003c\/p\u003e \u003cp\u003eImportance of Reviewing IT Application Controls 266\u003c\/p\u003e \u003cp\u003eNotes 266\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11: Software Engineering and CMMi 267\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSoftware Engineering Concepts 267\u003c\/p\u003e \u003cp\u003eCMMi: Capability Maturity Model for Integration 269\u003c\/p\u003e \u003cp\u003eCMMi Benefits 280\u003c\/p\u003e \u003cp\u003eIT Audit, Internal Control, and CMMi 281\u003c\/p\u003e \u003cp\u003eNote 282\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12: Auditing Service-Oriented Architectures and Record Management Processes 283\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eService-Oriented Computing and Service-Driven Applications 284\u003c\/p\u003e \u003cp\u003eIT Auditing in SOA Environments 294\u003c\/p\u003e \u003cp\u003eElectronic Records Management Internal Control Issues and Risks 300\u003c\/p\u003e \u003cp\u003eIT Audits of Electronic Records Management Processes 301\u003c\/p\u003e \u003cp\u003eNotes 303\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13: Computer-Assisted Audit Tools and Techniques 304\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Computer-Assisted Audit Tools and Techniques 305\u003c\/p\u003e \u003cp\u003eDetermining the Need for CAATTs 308\u003c\/p\u003e \u003cp\u003eCAATT Software Tools 311\u003c\/p\u003e \u003cp\u003eSteps to Building Effective CAATTs 326\u003c\/p\u003e \u003cp\u003eImportance of CAATTs for Audit Evidence Gathering 327\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14: Continuous Assurance Auditing, OLAP, and XBRL 329\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImplementing Continuous Assurance Auditing 330\u003c\/p\u003e \u003cp\u003eBenefits of Continuous Assurance Auditing Tools 338\u003c\/p\u003e \u003cp\u003eData Warehouses, Data Mining, and OLAP 
339\u003c\/p\u003e \u003cp\u003eXBRL: The Internet-Based Extensible Markup Language 346\u003c\/p\u003e \u003cp\u003eNewer Technologies, the Continuous Close, and IT Audit 351\u003c\/p\u003e \u003cp\u003eNotes 351\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePART FOUR: IMPORTANCE OF IT GOVERNANCE 353\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15: IT Controls and the Audit Committee 355\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRole of the Audit Committee for IT Auditors 356\u003c\/p\u003e \u003cp\u003eAudit Committee Approval of Internal Audit Plans and Budgets 357\u003c\/p\u003e \u003cp\u003eAudit Committee Briefings on IT Audit Issues 359\u003c\/p\u003e \u003cp\u003eAudit Committee Review and Action on Significant IT Audit Findings 360\u003c\/p\u003e \u003cp\u003eIT Audit and the Audit Committee 362\u003c\/p\u003e \u003cp\u003eChapter 16: Val IT, Portfolio Management, and Project Management 363\u003c\/p\u003e \u003cp\u003eVal IT: Enhancing the Value of IT Investments 364\u003c\/p\u003e \u003cp\u003eIT Systems Portfolio and Program Management 371\u003c\/p\u003e \u003cp\u003eProject Management for IT Auditors 374\u003c\/p\u003e \u003cp\u003eNotes 383\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17: Compliance with IT-Related Laws and Regulations 384\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComputer Fraud and Abuse Act 386\u003c\/p\u003e \u003cp\u003eComputer Security Act of 1987 387\u003c\/p\u003e \u003cp\u003eGramm-Leach-Bliley Act 390\u003c\/p\u003e \u003cp\u003eHIPAA: Healthcare and Much More 395\u003c\/p\u003e \u003cp\u003eOther Personal Privacy and Security Legislative Requirements 403\u003c\/p\u003e \u003cp\u003eIT-Related Laws, Regulations, and Audit Standards 404\u003c\/p\u003e \u003cp\u003eChapter 18: Understanding and Reviewing Compliance with ISO Standards 407\u003c\/p\u003e \u003cp\u003eBackground and Importance of ISO Standards in a World of Global Commerce 408\u003c\/p\u003e \u003cp\u003eISO Standards Overview 410\u003c\/p\u003e 
\u003cp\u003eISO 19011 Quality Management Systems Auditing 419\u003c\/p\u003e \u003cp\u003eISO Standards and IT Auditors 421\u003c\/p\u003e \u003cp\u003eNotes 421\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 19: Controls to Establish an Effective IT Security Environment 422\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGenerally Accepted Security Standards 423\u003c\/p\u003e \u003cp\u003eEffective IT Perimeter Security 429\u003c\/p\u003e \u003cp\u003eEstablishing an Effective, Enterprise-Wide Security Strategy 430\u003c\/p\u003e \u003cp\u003eBest Practices for IT Audit and Security 432\u003c\/p\u003e \u003cp\u003eNotes 433\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 20: Cybersecurity and Privacy Controls 434\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Network Security Fundamentals 435\u003c\/p\u003e \u003cp\u003eIT Systems Privacy Concerns 443\u003c\/p\u003e \u003cp\u003ePCI-DSS Fundamentals 446\u003c\/p\u003e \u003cp\u003eAuditing IT Security and Privacy 447\u003c\/p\u003e \u003cp\u003eSecurity and Privacy in the Internal Audit Department 448\u003c\/p\u003e \u003cp\u003eNotes 453\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 21: IT Fraud Detection and Prevention 454\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding and Recognizing Fraud in an IT Environment 455\u003c\/p\u003e \u003cp\u003eRed Flags: Fraud Detection Signs for IT and Other Internal Auditors 456\u003c\/p\u003e \u003cp\u003ePublic Accounting’s Role in Fraud Detection 461\u003c\/p\u003e \u003cp\u003eIIA Standards and ISACA Materials for Detecting and Investigating Fraud 462\u003c\/p\u003e \u003cp\u003eIT Audit Fraud Risk Assessments 464\u003c\/p\u003e \u003cp\u003eIT Audit Fraud Investigations 467\u003c\/p\u003e \u003cp\u003eIT Fraud Prevention Processes 468\u003c\/p\u003e \u003cp\u003eFraud Detection and the IT Auditor 471\u003c\/p\u003e \u003cp\u003eNotes 471\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 22: Identity and Access Management 472\u003c\/b\u003e\u003c\/p\u003e 
\u003cp\u003eImportance of Identity and Access Management 473\u003c\/p\u003e \u003cp\u003eIdentity Management Processes 474\u003c\/p\u003e \u003cp\u003eSeparation of Duties Identity Management Controls 477\u003c\/p\u003e \u003cp\u003eAccess Management Provisioning 478\u003c\/p\u003e \u003cp\u003eAuthentication and Authorization 479\u003c\/p\u003e \u003cp\u003eAuditing Identity and Access Management Processes 481\u003c\/p\u003e \u003cp\u003eNote 485\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 23: Establishing Effective IT Disaster Recovery Processes 486\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Disaster and Business Continuity Planning Today 487\u003c\/p\u003e \u003cp\u003eBuilding and Auditing an IT Disaster Recovery Plan 489\u003c\/p\u003e \u003cp\u003eBuilding the IT Disaster Recovery Plan 497\u003c\/p\u003e \u003cp\u003eDisaster Recovery Planning and Service Level Agreements 503\u003c\/p\u003e \u003cp\u003eNewer Disaster Recovery Plan Technologies: Data Mirroring Techniques 505\u003c\/p\u003e \u003cp\u003eAuditing Business Continuity Plans 506\u003c\/p\u003e \u003cp\u003eDisaster Recovery and Business Continuity Planning Going Forward 508\u003c\/p\u003e \u003cp\u003eNotes 508\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 24: Electronic Archiving and Data Retention 509\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eElements of a Successful Electronic Records Management Process 510\u003c\/p\u003e \u003cp\u003eElectronic Documentation Standards 516\u003c\/p\u003e \u003cp\u003eImplementing Electronic IT Data Archiving 517\u003c\/p\u003e \u003cp\u003eAuditing Electronic Document Retention and Archival Processes 519\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 25: Business Continuity Management, BS 25999, and ISO 27001 521\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Business Continuity Management Planning Needs Today 522\u003c\/p\u003e \u003cp\u003eBS 25999 Good Practice Guidelines 524\u003c\/p\u003e \u003cp\u003eAuditing BCM Processes 540\u003c\/p\u003e 
\u003cp\u003eLinking the BCM with Other Standards and Processes 543\u003c\/p\u003e \u003cp\u003eNotes 543\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 26: Auditing Telecommunications and IT Communications Networks 544\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNetwork Security Concepts 545\u003c\/p\u003e \u003cp\u003eEffective IT Network Security Controls 549\u003c\/p\u003e \u003cp\u003eAuditing a VPN Installation 555\u003c\/p\u003e \u003cp\u003eNote 557\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 27: Change and Patch Management Controls 558\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Change Management Processes 559\u003c\/p\u003e \u003cp\u003eAuditing IT Change and Patch Management Controls 573\u003c\/p\u003e \u003cp\u003eNotes 576\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 28: Six Sigma and Lean Technologies 577\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSix Sigma Background and Concepts 578\u003c\/p\u003e \u003cp\u003eImplementing Six Sigma 580\u003c\/p\u003e \u003cp\u003eLean Six Sigma 587\u003c\/p\u003e \u003cp\u003eNotes 590\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 29: Building an Effective IT Internal Audit Function 591\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEstablishing an IT Internal Audit Function 592\u003c\/p\u003e \u003cp\u003eInternal Audit Charter: An Important IT Audit Authorization 593\u003c\/p\u003e \u003cp\u003eRole of the Chief Audit Executive 595\u003c\/p\u003e \u003cp\u003eIT Audit Specialists 596\u003c\/p\u003e \u003cp\u003eIT Audit Managers and Supervisors 598\u003c\/p\u003e \u003cp\u003eInternal and IT Audit Policies and Procedures 599\u003c\/p\u003e \u003cp\u003eOrganizing an Effective IT Audit Function 601\u003c\/p\u003e \u003cp\u003eImportance of a Strong IT Audit Function 604\u003c\/p\u003e \u003cp\u003eNote 605\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 30: Professional Certifications: CISA, CIA, and More 606\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCertified Information Systems Auditor Credentials 
607\u003c\/p\u003e \u003cp\u003eCertified Information Security Manager Credentials 609\u003c\/p\u003e \u003cp\u003eCertificate in the Governance of Enterprise IT 611\u003c\/p\u003e \u003cp\u003eCertified Internal Auditor Responsibilities and Requirements 612\u003c\/p\u003e \u003cp\u003eBeyond the CIA: Other IIA Certifications 623\u003c\/p\u003e \u003cp\u003eCISSP Information Systems Security Professional Certification 628\u003c\/p\u003e \u003cp\u003eCertified Fraud Examiner Certification 628\u003c\/p\u003e \u003cp\u003eASQ Internal Audit Certifications 629\u003c\/p\u003e \u003cp\u003eOther Internal Auditor Certifications 630\u003c\/p\u003e \u003cp\u003eNote 631\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 31: Quality Assurance Auditing and ASQ Standards 632\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDuties and Responsibilities of Quality Auditors 633\u003c\/p\u003e \u003cp\u003eRole of the Quality Auditor 635\u003c\/p\u003e \u003cp\u003ePerforming ASQ Quality Audits 638\u003c\/p\u003e \u003cp\u003eQuality Assurance Reviews of IT Audit Functions 641\u003c\/p\u003e \u003cp\u003eFuture Directions for Quality Assurance Auditing 647\u003c\/p\u003e \u003cp\u003eNotes 648\u003c\/p\u003e \u003cp\u003eIndex 649\u003c\/p\u003e \u003cb\u003eRobert R. Moeller\u003c\/b\u003e (Evanston, IL), CPA, CISA, PMP, CISSP, is the founder of Compliance and Control Systems Associates, a consulting firm that specializes in internal audit and project management with a strong understanding of information systems, corporate governance, and security. He has over 30 years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50 corporation. He held positions with Grant Thornton (National Director of Computer Auditing) and Sears Roebuck (Audit Director). 
A frequently published author and professional speaker, Moeller provides insights into many of the new rules impacting internal auditors today as well as the challenges audit committees face when dealing with Sarbanes-Oxley, internal controls, and their internal auditors. Moeller is the former president of the Institute of Internal Auditors' Chicago chapter and has served on the IIA's International Advanced Technology Committee. He is also the former chair of the AICPA's Computer Audit Subcommittee.","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989483864293,"sku":"NP9780471406761","price":105.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780471406761.jpg?v=1761784285","url":"https:\/\/k12savings.com\/products\/it-audit-control-and-security-isbn-9780471406761","provider":"K12savings","version":"1.0","type":"link"}