{"product_id":"the-operational-auditing-handbook-isbn-9780470744765","title":"The Operational Auditing Handbook","description":"\u003cp\u003e\u003cb\u003eThe operational auditing HANDBOOK\u003cbr\u003e Auditing Business and IT Processes\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003cb\u003eSecond Edition\u003c\/b\u003e \t \u003c\/p\u003e\u003cp\u003e\u003cb\u003eThe Operational Auditing Handbook\u003c\/b\u003e Second Edition clarifies the underlying issues, risks and objectives for a wide range of operations and activities and is a professional companion for those who design self-assessment and audit programmes of business processes in all sectors. \t \u003c\/p\u003e\u003cp\u003eTo accompany this updated edition of The \u003cb\u003eOperational Auditing Handbook\u003c\/b\u003e please visit \u003cb\u003ewww.wiley.com\/go\/chambers\u003c\/b\u003e for a complete selection of Standard Audit Programme Guides. \u003c\/p\u003e\u003cp\u003ePreface xv\u003c\/p\u003e \u003cp\u003eAcknowledgements xvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart \u003c\/b\u003e\u003cb\u003eI Understanding Operational Auditing 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Approaches to Operational Auditing \u003c\/b\u003e\u003cb\u003e3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefinitions of “Operational Auditing” 3\u003c\/p\u003e \u003cp\u003eScope 4\u003c\/p\u003e \u003cp\u003eAudit Approach to Operational Audits 12\u003c\/p\u003e \u003cp\u003eResourcing the Internal Audit of Technical Activities 16\u003c\/p\u003e \u003cp\u003eProductivity and Performance Measurement Systems 19\u003c\/p\u003e \u003cp\u003eValue for Money (VFM) Auditing 22\u003c\/p\u003e \u003cp\u003eBenchmarking 23\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Business Processes \u003c\/b\u003e\u003cb\u003e27\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 27\u003c\/p\u003e \u003cp\u003eAn Audit Universe of Business Processes 28\u003c\/p\u003e \u003cp\u003eSelf Assessment of Business Processes 30\u003c\/p\u003e \u003cp\u003eA Hybrid Audit Universe 30\u003c\/p\u003e \u003cp\u003eReasons For Process Weaknesses 30\u003c\/p\u003e \u003cp\u003eIdentifying the Processes of an Organisation 32\u003c\/p\u003e \u003cp\u003eWhy Adopt a “Cycle” or “Process” Approach to Internal Control Design and Review? 35\u003c\/p\u003e \u003cp\u003eBusiness Processes in the Standard Audit Programme Guides 35\u003c\/p\u003e \u003cp\u003eThe Hallmarks of a Good Business Process 36\u003c\/p\u003e \u003cp\u003eAcademic Cycles in a University 37\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Developing Operational Review Programmes For Managerial and Audit Use \u003c\/b\u003e\u003cb\u003e40\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eScope 40\u003c\/p\u003e \u003cp\u003ePractical Use of SAPGs 41\u003c\/p\u003e \u003cp\u003eFormat of SAPGs 45\u003c\/p\u003e \u003cp\u003eRisk in Operational Auditing 50\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Governance Processes \u003c\/b\u003e\u003cb\u003e75\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 75\u003c\/p\u003e \u003cp\u003eInternal Control Processes being Part of Risk Management Processes 75\u003c\/p\u003e \u003cp\u003eRisk Management Processes being Part of Governance Processes 76\u003c\/p\u003e \u003cp\u003eObjectives of Governance, Risk Management and Control Processes 77\u003c\/p\u003e \u003cp\u003eThe COSO View of Objectives 78\u003c\/p\u003e \u003cp\u003eShould there be a Single Set of Objectives? 80\u003c\/p\u003e \u003cp\u003eThe Internal Governance Processes 81\u003c\/p\u003e \u003cp\u003eThe Board and External Aspects of Corporate Governance 81\u003c\/p\u003e \u003cp\u003eThe Board’s Assurance Vacuum 82\u003c\/p\u003e \u003cp\u003eRisk and Control Issues for Internal Governance Processes 84\u003c\/p\u003e \u003cp\u003eRisk and Control Issues for the Board 87\u003c\/p\u003e \u003cp\u003eRisk and Control Issues for External Governance Processes 90\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Risk Management Processes \u003c\/b\u003e\u003cb\u003e95\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 95\u003c\/p\u003e \u003cp\u003eObjectives of Risk Management 95\u003c\/p\u003e \u003cp\u003eEssential Components of Effective Risk Management 98\u003c\/p\u003e \u003cp\u003eThe Scope of Internal Audit’s Role in Risk Management 99\u003c\/p\u003e \u003cp\u003eTools for Risk Management 101\u003c\/p\u003e \u003cp\u003eThe Risk Matrix 101\u003c\/p\u003e \u003cp\u003eRisk Registers 106\u003c\/p\u003e \u003cp\u003eRisk Management Challenges 107\u003c\/p\u003e \u003cp\u003eControl Issues for Risk Management Processes 112\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Internal Control Processes \u003c\/b\u003e\u003cb\u003e116\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 116\u003c\/p\u003e \u003cp\u003eParadigm 1: COSO on Internal Control 118\u003c\/p\u003e \u003cp\u003eParadigm 2: Turnbull on Internal Control 128\u003c\/p\u003e \u003cp\u003eParadigm 3: COCO on Internal Control 129\u003c\/p\u003e \u003cp\u003eParadigm 4: A Systems\/Cybernetics Model of Internal Control 130\u003c\/p\u003e \u003cp\u003eParadigm 5: Control by Division with Supervision 135\u003c\/p\u003e \u003cp\u003eParadigm 6: Control by Category 137\u003c\/p\u003e \u003cp\u003eThe Objectives of Internal Control 139\u003c\/p\u003e \u003cp\u003eDetermining Whether Internal Control is Effective 141\u003c\/p\u003e \u003cp\u003eControl Cost-Effectiveness Considerations 142\u003c\/p\u003e \u003cp\u003eIssues for Internal Control Processes 143\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Review of the Control Environment \u003c\/b\u003e\u003cb\u003e147\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 147\u003c\/p\u003e \u003cp\u003eControl Objectives for a Review of the Control Environment 147\u003c\/p\u003e \u003cp\u003eRisk and Control Issues for a Review of the Control Environment 148\u003c\/p\u003e \u003cp\u003eFraud 149\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Reviewing Internal Control Over Financial Reporting—The Sarbanes-Oxley Approach \u003c\/b\u003e\u003cb\u003e151\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 151\u003c\/p\u003e \u003cp\u003eCosts and Benefits 154\u003c\/p\u003e \u003cp\u003e2007 SOX-LITE 155\u003c\/p\u003e \u003cp\u003eRevised Definitions of “Significant Deficiency” and “Material Weakness” 156\u003c\/p\u003e \u003cp\u003eUsing a Recognised Internal Control Framework for the Assessment 157\u003c\/p\u003e \u003cp\u003eRisk and Control Issues for the Sarbanes-Oxley s. 302 and s. 404\u003c\/p\u003e \u003cp\u003eCompliance Process 171\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Business\/Management Techniques and Their Impact On Control and Audit \u003c\/b\u003e\u003cb\u003e178\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 178\u003c\/p\u003e \u003cp\u003eBusiness Process Re-Engineering 178\u003c\/p\u003e \u003cp\u003eTotal Quality Management 181\u003c\/p\u003e \u003cp\u003eDelayering 187\u003c\/p\u003e \u003cp\u003eEmpowerment 189\u003c\/p\u003e \u003cp\u003eOutsourcing 191\u003c\/p\u003e \u003cp\u003eJust-In-Time Management (JIT) 195\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 Control Self Assessment \u003c\/b\u003e\u003cb\u003e199\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 199\u003c\/p\u003e \u003cp\u003eSurvey and Workshop Approaches to CSA 200\u003c\/p\u003e \u003cp\u003eSelecting Workshop Participants 200\u003c\/p\u003e \u003cp\u003eWhere to Apply CSA 200\u003c\/p\u003e \u003cp\u003eCSA Roles for Management and for Internal Audit 201\u003c\/p\u003e \u003cp\u003eAvoiding Line Management Disillusionment 202\u003c\/p\u003e \u003cp\u003eEncouragement from the Top 203\u003c\/p\u003e \u003cp\u003eFacilitating CSA Workshops, and Training for CSA 204\u003c\/p\u003e \u003cp\u003eAnonymous Voting Systems 205\u003c\/p\u003e \u003cp\u003eComparing CSA with Internal Audit 205\u003c\/p\u003e \u003cp\u003eControl Self Assessment as Reassurance for Internal Audit 206\u003c\/p\u003e \u003cp\u003eA Hybrid Approach—Integrating Internal Auditing Engagements with CSA Workshops 206\u003c\/p\u003e \u003cp\u003eWorkshop Formats 207\u003c\/p\u003e \u003cp\u003eUtilising CoCo in CSA 208\u003c\/p\u003e \u003cp\u003eReadings 210\u003c\/p\u003e \u003cp\u003eControl Self Assessment 210\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 Evaluating the Internal Audit Activity \u003c\/b\u003e\u003cb\u003e214\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 214\u003c\/p\u003e \u003cp\u003eOngoing Monitoring 214\u003c\/p\u003e \u003cp\u003ePeriodic Internal Reviews 215\u003c\/p\u003e \u003cp\u003eExternal Reviews 216\u003c\/p\u003e \u003cp\u003eCommon Weaknesses Noted by Quality Assurance Reviews 217\u003c\/p\u003e \u003cp\u003eInternal Audit Maturity Models 218\u003c\/p\u003e \u003cp\u003eEffective Measuring of Internal Auditing’s Contribution to the Enterprise’s Profitability 219\u003c\/p\u003e \u003cp\u003eControl Objectives for the Internal Audit Activity 232\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart \u003c\/b\u003e\u003cb\u003eII Auditing Key Functions 237\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e12 Auditing the Finance and Accounting Functions \u003c\/b\u003e\u003cb\u003e239\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 239\u003c\/p\u003e \u003cp\u003eSystem\/Function Components of the Financial and Accounting Environment 239\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 240\u003c\/p\u003e \u003cp\u003eTreasury 241\u003c\/p\u003e \u003cp\u003ePayroll 243\u003c\/p\u003e \u003cp\u003eAccounts Payable 246\u003c\/p\u003e \u003cp\u003eAccounts Receivable 248\u003c\/p\u003e \u003cp\u003eGeneral Ledger\/Management Accounts 251\u003c\/p\u003e \u003cp\u003eFixed Assets (and Capital Charges) 253\u003c\/p\u003e \u003cp\u003eBudgeting and Monitoring 256\u003c\/p\u003e \u003cp\u003eBank Accounts and Banking Arrangements 258\u003c\/p\u003e \u003cp\u003eSales Tax (VAT) Accounting 261\u003c\/p\u003e \u003cp\u003eTaxation 263\u003c\/p\u003e \u003cp\u003eInventories 266\u003c\/p\u003e \u003cp\u003eProduct\/Project Accounting 268\u003c\/p\u003e \u003cp\u003ePetty Cash and Expenses 270\u003c\/p\u003e \u003cp\u003eFinancial Information and Reporting 272\u003c\/p\u003e \u003cp\u003eInvestments 274\u003c\/p\u003e \u003cp\u003e\u003cb\u003e13 Auditing Subsidiaries, Remote Operating Units and Joint Ventures \u003c\/b\u003e\u003cb\u003e276\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 276\u003c\/p\u003e \u003cp\u003eFact Finding 277\u003c\/p\u003e \u003cp\u003eHigh Level Review Programme 278\u003c\/p\u003e \u003cp\u003eJoint Ventures 279\u003c\/p\u003e \u003cp\u003e\u003cb\u003e14 Auditing Contracts and the Purchasing Function \u003c\/b\u003e\u003cb\u003e285\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 285\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 285\u003c\/p\u003e \u003cp\u003eContracting 289\u003c\/p\u003e \u003cp\u003eContract Management Environment 290\u003c\/p\u003e \u003cp\u003eAssessing the Viability and Competence of Contractors 295\u003c\/p\u003e \u003cp\u003eMaintaining an Approved List of Contractors 297\u003c\/p\u003e \u003cp\u003eTendering Procedures 299\u003c\/p\u003e \u003cp\u003eContracting and Tendering Documentation 302\u003c\/p\u003e \u003cp\u003eSelection and Letting of Contracts 304\u003c\/p\u003e \u003cp\u003ePerformance Monitoring 306\u003c\/p\u003e \u003cp\u003eValuing Work for Interim Payments 308\u003c\/p\u003e \u003cp\u003eContractor’s Final Account 310\u003c\/p\u003e \u003cp\u003eReview of Project Outturn and Performance 313\u003c\/p\u003e \u003cp\u003e\u003cb\u003e15 Auditing Operations and Resource Management \u003c\/b\u003e\u003cb\u003e317\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 317\u003c\/p\u003e \u003cp\u003eSystem\/Function Components of a Production\/Manufacturing Environment 318\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 318\u003c\/p\u003e \u003cp\u003ePlanning and Production Control 318\u003c\/p\u003e \u003cp\u003eFacilities, Plant and Equipment 321\u003c\/p\u003e \u003cp\u003ePersonnel 324\u003c\/p\u003e \u003cp\u003eMaterials and Energy 327\u003c\/p\u003e \u003cp\u003eQuality Control 330\u003c\/p\u003e \u003cp\u003eSafety 332\u003c\/p\u003e \u003cp\u003eEnvironmental Issues 335\u003c\/p\u003e \u003cp\u003eLaw and Regulatory Compliance 338\u003c\/p\u003e \u003cp\u003eMaintenance 339\u003c\/p\u003e \u003cp\u003e\u003cb\u003e16 Auditing Marketing and Sales \u003c\/b\u003e\u003cb\u003e343\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 343\u003c\/p\u003e \u003cp\u003eSystem\/Function Components of the Marketing and Sales Functions 343\u003c\/p\u003e \u003cp\u003eGeneral Comments 344\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 344\u003c\/p\u003e \u003cp\u003eProduct Development 345\u003c\/p\u003e \u003cp\u003eMarket Research 348\u003c\/p\u003e \u003cp\u003ePromotion and Advertising 350\u003c\/p\u003e \u003cp\u003ePricing and Discount Policies 353\u003c\/p\u003e \u003cp\u003eSales Management 355\u003c\/p\u003e \u003cp\u003eSales Performance and Monitoring 359\u003c\/p\u003e \u003cp\u003eDistributors 362\u003c\/p\u003e \u003cp\u003eRelationship with the Parent Company 366\u003c\/p\u003e \u003cp\u003eAgents 368\u003c\/p\u003e \u003cp\u003eOrder Processing 371\u003c\/p\u003e \u003cp\u003eWarranty Arrangements 375\u003c\/p\u003e \u003cp\u003eMaintenance and Servicing 377\u003c\/p\u003e \u003cp\u003eSpare Parts and Supply 380\u003c\/p\u003e \u003cp\u003e\u003cb\u003e17 Auditing Distribution \u003c\/b\u003e\u003cb\u003e383\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 383\u003c\/p\u003e \u003cp\u003eSystem\/Function Components of Distribution 383\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 384\u003c\/p\u003e \u003cp\u003eDistribution, Transport and Logistics 384\u003c\/p\u003e \u003cp\u003eDistributors 388\u003c\/p\u003e \u003cp\u003eStock Control 392\u003c\/p\u003e \u003cp\u003eWarehousing and Storage 395\u003c\/p\u003e \u003cp\u003e\u003cb\u003e18 Auditing Human Resources \u003c\/b\u003e\u003cb\u003e399\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 399\u003c\/p\u003e \u003cp\u003eSystem\/Function Components of the Personnel Function 399\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 399\u003c\/p\u003e \u003cp\u003eHuman Resources Department 400\u003c\/p\u003e \u003cp\u003eRecruitment 404\u003c\/p\u003e \u003cp\u003eManpower and Succession Planning 408\u003c\/p\u003e \u003cp\u003eStaff Training and Development 410\u003c\/p\u003e \u003cp\u003eWelfare 413\u003c\/p\u003e \u003cp\u003ePerformance-Related Compensation, Pension Schemes (and other Benefits) 415\u003c\/p\u003e \u003cp\u003eHealth Insurance 422\u003c\/p\u003e \u003cp\u003eStaff Appraisal and Disciplinary Matters 424\u003c\/p\u003e \u003cp\u003eHealth and Safety 427\u003c\/p\u003e \u003cp\u003eLabour Relations 430\u003c\/p\u003e \u003cp\u003eCompany Vehicles 432\u003c\/p\u003e \u003cp\u003e\u003cb\u003e19 Auditing Research and Development \u003c\/b\u003e\u003cb\u003e437\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 437\u003c\/p\u003e \u003cp\u003eSystem\/Function Components of Research and Development 437\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 437\u003c\/p\u003e \u003cp\u003eProduct Development 438\u003c\/p\u003e \u003cp\u003eProject Appraisal and Monitoring 442\u003c\/p\u003e \u003cp\u003ePlant and Equipment 445\u003c\/p\u003e \u003cp\u003eDevelopment Project Management 447\u003c\/p\u003e \u003cp\u003eLegal and Regulatory Issues 450\u003c\/p\u003e \u003cp\u003e\u003cb\u003e20 Auditing Security \u003c\/b\u003e\u003cb\u003e453\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 453\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 454\u003c\/p\u003e \u003cp\u003eSecurity 454\u003c\/p\u003e \u003cp\u003eHealth and Safety 457\u003c\/p\u003e \u003cp\u003eInsurance 460\u003c\/p\u003e \u003cp\u003e\u003cb\u003e21 Auditing Environmental Responsibility \u003c\/b\u003e\u003cb\u003e463\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 463\u003c\/p\u003e \u003cp\u003eEnvironmental Auditing 465\u003c\/p\u003e \u003cp\u003eThe Emergence of Environmental Concerns 465\u003c\/p\u003e \u003cp\u003eEMAS—The European Eco-Management and Audit Scheme 466\u003c\/p\u003e \u003cp\u003eLinking Environmental Issues to Corporate Strategy and Securing Benefits 467\u003c\/p\u003e \u003cp\u003eEnvironmental Assessment and Auditing System Considerations 468\u003c\/p\u003e \u003cp\u003eThe Role of Internal Audit 470\u003c\/p\u003e \u003cp\u003eExample Programme 470\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart \u003c\/b\u003e\u003cb\u003eIII Auditing Information Technology 477\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e22 Auditing Information Technology \u003c\/b\u003e\u003cb\u003e479\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 479\u003c\/p\u003e \u003cp\u003eIntroduction to Recognised Standards Related to Information Technology and Related Topics 480\u003c\/p\u003e \u003cp\u003eSystem\/Function Components of Information Technology and Management 486\u003c\/p\u003e \u003cp\u003eControl Objectives and Risk and Control Issues 488\u003c\/p\u003e \u003cp\u003e\u003cb\u003e23 It Strategic Planning \u003c\/b\u003e\u003cb\u003e489\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e24 It Organisation \u003c\/b\u003e\u003cb\u003e493\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e25 It Policy Framework \u003c\/b\u003e\u003cb\u003e496\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e26 Information Asset Register \u003c\/b\u003e\u003cb\u003e502\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e27 Capacity Management \u003c\/b\u003e\u003cb\u003e511\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e28 Information Management (IM) \u003c\/b\u003e\u003cb\u003e514\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e29 Records Management (RM) \u003c\/b\u003e\u003cb\u003e524\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e30 Knowledge Management (KM) \u003c\/b\u003e\u003cb\u003e542\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e31 It Sites and Infrastructure (Including Physical Security) \u003c\/b\u003e\u003cb\u003e554\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e32 Processing Operations \u003c\/b\u003e\u003cb\u003e559\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e33 Back-Up and Media Management \u003c\/b\u003e\u003cb\u003e562\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e34 Removable Media \u003c\/b\u003e\u003cb\u003e566\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e35 System and Operating Software (Including Patch Management) \u003c\/b\u003e\u003cb\u003e570\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e36 System Access Control (Logical Security) \u003c\/b\u003e\u003cb\u003e576\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e37 Personal Computers (Including Laptops and PDAS) \u003c\/b\u003e\u003cb\u003e580\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e38 Remote Working \u003c\/b\u003e\u003cb\u003e585\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e39 Email \u003c\/b\u003e\u003cb\u003e590\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e40 Internet Usage \u003c\/b\u003e\u003cb\u003e598\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e41 Software Maintenance (Including Change Management) \u003c\/b\u003e\u003cb\u003e605\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e42 Networks \u003c\/b\u003e\u003cb\u003e609\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e43 Databases \u003c\/b\u003e\u003cb\u003e613\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e44 Data Protection \u003c\/b\u003e\u003cb\u003e616\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e45 Freedom of Information \u003c\/b\u003e\u003cb\u003e627\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e46 Data Transfer and Sharing (Standards and Protocol) \u003c\/b\u003e\u003cb\u003e636\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e47 Legal Responsibilities \u003c\/b\u003e\u003cb\u003e645\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e48 Facilities Management \u003c\/b\u003e\u003cb\u003e648\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e49 System Development \u003c\/b\u003e\u003cb\u003e651\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e50 Software Selection \u003c\/b\u003e\u003cb\u003e655\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e51 Contingency Planning \u003c\/b\u003e\u003cb\u003e658\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e52 Human Resources Information Security \u003c\/b\u003e\u003cb\u003e661\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e53 Monitoring and Logging \u003c\/b\u003e\u003cb\u003e667\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e54 Information Security Incidents \u003c\/b\u003e\u003cb\u003e671\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e55 Data Retention and Disposal \u003c\/b\u003e\u003cb\u003e680\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e56 Electronic Data Interchange (EDI) \u003c\/b\u003e\u003cb\u003e688\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e57 Viruses \u003c\/b\u003e\u003cb\u003e691\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e58 User Support \u003c\/b\u003e\u003cb\u003e694\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e59 Bacs \u003c\/b\u003e\u003cb\u003e696\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e60 Spreadsheet Design and Good Practice \u003c\/b\u003e\u003cb\u003e699\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e61 It Health Checks \u003c\/b\u003e\u003cb\u003e707\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e62 It Accounting \u003c\/b\u003e\u003cb\u003e710\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAppendix 1 Index to SAPGs on the Companion Website 712\u003c\/p\u003e \u003cp\u003eAppendix 2 Standard Audit Programme Guides 719\u003c\/p\u003e \u003cp\u003eAppendix 3 International Data Protection Legislation 729\u003c\/p\u003e \u003cp\u003eAppendix 4 International Freedom of Information Legislation 763\u003c\/p\u003e \u003cp\u003eAppendix 5 Information Management Definitions 835\u003c\/p\u003e \u003cp\u003eAppendix 6 IT and Information Management Policies 839\u003c\/p\u003e \u003cp\u003eBibliography 852\u003c\/p\u003e \u003cp\u003eIndex 859\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eAndrew Chambers\u003c\/b\u003e is Professor of Internal Auditing at London South Bank University and professor emeritus of Cass Business School, London. He runs Management Audit LLP specializing in auditing and corporate governance work, and is a member of the international Internal Auditing Standards Board. \u003c\/p\u003e\u003cp\u003e\u003cb\u003eGraham Rand\u003c\/b\u003e specialises in IT auditing, risk management and operational review. His career, in the UK and overseas, has featured involvement in a range of organisations, principally in the electrical retail, financial services and public sectors. Much of his current consultancy is on Information Management, Records Management, IT Security and providing support on the development of Risk Management and Information Security environments.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eThe operational auditing HANDBOOK\u003cbr\u003e Auditing Business and IT Processes\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003cb\u003eSecond Edition\u003c\/b\u003e \t \u003c\/p\u003e\u003cp\u003e\u003cb\u003eThe Operational Auditing Handbook\u003c\/b\u003e Second Edition clarifies the underlying issues, risks and objectives for a wide range of operations and activities and is a professional companion for those who design self-assessment and audit programmes of business processes in all sectors. \t \u003c\/p\u003e\u003cp\u003eTo accompany this updated edition of The \u003cb\u003eOperational Auditing Handbook\u003c\/b\u003e please visit \u003cb\u003ewww.wiley.com\/go\/chambers\u003c\/b\u003e for a complete selection of Standard Audit Programme Guides.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990304997605,"sku":"NP9780470744765","price":227.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9780470744765.jpg?v=1761787280","url":"https:\/\/k12savings.com\/products\/the-operational-auditing-handbook-isbn-9780470744765","provider":"K12savings","version":"1.0","type":"link"}