IT Audit Book





New Release 


  • Hardcover: 512 pages
  • Publisher: Wiley (March 23, 2007)
  • Language: English
  • ISBN-10: 0470009896
  • ISBN-13: 978-0470009895
  • A step-by-step guide to successful implementation and control of information systems

    More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to Information Systems Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

    As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to Information Systems Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

    It has become impossible for today's enterprises of any size and in any market sector to exist without computers to assist with their fundamental business operations. The modern auditor, therefore, requires significantly more knowledge of computers and computer auditing than did auditors of earlier years. In order for organizations to take full advantage of the opportunities that computers can offer, their systems must be controlled and dependable.

    Written for those who need to gain a practical working knowledge of the risks and control opportunities within an information processing (IP) environment, as well as the auditing of that environment, Auditor's Guide to Information Systems Auditing includes a complimentary student's version of the IDEA Data Analysis Software CD and is particularly useful for professionals and students within the fields of:

    • IT security
    • IT audit
    • Internal audit
    • External audit
    • Management information systems
    • General business management

    Emphasizing the practical implementation of principles and techniques through the use of realistic case studies, Auditor's Guide to Information Systems Auditing follows the approach used by the Information System Audit and Control Association's model curriculum and is an excellent study guide for those preparing for the CISA and CISM exams.

    This invaluable reference manual is filled with relevant information helpful to those accountable to management for the successful implementation and control of information systems and covers a wide range of topics, serving as an indispensable introductory reference to IT auditing.

    Praise for Auditor's Guide to Information Systems Auditing

    "Auditor's Guide to Information Systems Auditing is the most comprehensive book about auditing that I have ever seen. There is something in this book for everyone. New auditors will find this book to be their bible—reading it will enable them to learn what the role of auditors really is and will convey to them what they must know, understand, and look for when performing audits. For experienced auditors, this book will serve as a reality check to determine whether they are examining the right issues and whether they are being sufficiently comprehensive in their focus. Richard Cascarino has done a superb job."
    —E. Eugene Schultz, PhD, CISSP, CISM, Chief Technology Officer and Chief Information Security Officer, High Tower Software


     About the Author:

    Richard Cascarino MBA, CIA, CISM, CFE

    Well known in international auditing circles as one of the most knowledgeable practitioners in the field, Richard is principal of Richard Cascarino and Associates, a highly successful audit training and consultancy company.  Richard has been involved during the past eight years in the development of the undergraduate and postgraduate courses in Internal Auditing for the School of Accountancy, University of the Witwatersrand, Johannesburg (Wits), where he continues to lecture and act as examiner. He has also presented the IT Security module of the Wits post-graduate diploma in IT auditing for the past 24 years. He is a regular speaker at National and International Conferences and has presented courses throughout Africa, Europe, the Middle East and the USA. He has served on various Audit Committees and was chairman of the Gauteng Cluster 2 Audit Committee (Johannesburg).

    Richard is a Past President of the Institute of Internal Auditors (IIA) in South Africa, was the founding Regional Director of the Southern African Region of the Institute of Internal Auditors Inc. and is a member of both ISACA and the American Institute of Certified Fraud Examiners. He served as International Vice-Chairperson on the IIA’s Quality Control Committee and is a question contributor for the CIA examination, the CISA examination and the CISM examination.

    Section 1 – The IS Audit Process

    • 1  Technology and Audit
    • 2  IS Audit Function Knowledge
    • 3  IS Risk and Fundamental Auditing Concepts
    • 4  Standards and Guidelines for IS Auditing
    • 5  Internal Controls Concepts Knowledge
    • 6  Risk Management of the IS Function
    • 7  Audit Planning Process
    • 8  Audit Management
    • 9  Audit Evidence Process
    • 10  Audit Reporting and Follow-up

    Section 2 – IT Governance

    • 11  IS/IT Management
    • 12  IS/IT Strategic Planning
    • 13  IS/IT Management Issues
    • 14  Support Tools and Frameworks
    • 15  Governance Techniques

    Section 3 – Systems and Infrastructure Lifecycle

    • 16  IS Planning
    • 17  Information Management and Usage
    • 18  Development, Acquisition and Maintenance of Information Systems
    • 19  Impact of IT on the Business Processes and Solutions
    • 20  Software Development
    • 21  Audit and Control of Purchased Packages
    • 22  The Audit Role in Feasibility Studies and Conversions
    • 23  Audit and Development of Application Controls

    Section 4 – IT Service Delivery and Support

    • 24  Technical Infrastructure
    • 25  Service Centre Management

    Section 5 – Protection of Information Assets

    • 26  Information Assets Security Management
    • 27  Logical IT Security
    • 28  Applied IT Security
    • 29  Physical and Environmental Security

    Section 6 – Business Continuity and Disaster Recovery

    • 30  Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning
    • 31  Insurance

    Section 8 – Advanced IS Auditing

    • 32  Establishing and Optimizing the IS Auditing Function
    • 33  Auditing e-commerce systems
    • 34  Auditing UNIX / LINUX
    • 35  Auditing Windows
    • 36  Foiling the System Hackers
    • 37  Investigating IT Fraud


    Appendix A  Standards for the IS Auditor
    Appendix B  Audit Programme for Application Systems Auditing
    Appendix C  Logical Access Control Audit Programme
    Appendix D  Audit Programme for Auditing UNIX / LINUX Environments
    Appendix E  Audit Programme for Auditing Windows XP/2000 Environments


    Available From

    Kalahari.net