About the author

RICHARD E. CASCARINO, MBA, CIA, CISA, CISM, is a consultant and lecturer with over thirty years' experience in internal, forensic, risk, and computer auditing. He is Managing Director of Richard Cascarino & Associates, a successful audit training and consultancy company. For the last twenty-five years, they have been providing consultancy and professional development services to clients throughout the southern African region as well as Europe, the Middle East, and the United States. He is a past president of the Institute of Internal Auditors South Africa (IIA SA), was the founding Regional Director of the Southern African Region of the IIA Inc., and is a member of both the Information Systems Audit and Control Association and the Association of Certified Fraud Examiners.

Blurb

Step-by-step guide to successful implementation and control of IT systems--including the Cloud

Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

* Follows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing
* Serves as an excellent study guide for those preparing for the CISA and CISM exams
* Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud

As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
Summary

Step-by-step guide to successful implementation and control of IT systems including the Cloud

Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected.

Table of contents

Preface

Part I: IT Audit Process

Chapter 1: Technology and Audit
* Technology and Audit
* Batch and Online Systems
* Electronic Data Interchange
* Electronic Business
* Cloud Computing

Chapter 2: IT Audit Function Knowledge
* Information Technology Auditing
* What Is Management?
* Management Process
* Understanding the Organization's Business
* Establishing the Needs
* Identifying Key Activities
* Establish Performance Objectives
* Decide the Control Strategies
* Implement and Monitor the Controls
* Executive Management's Responsibility and Corporate Governance
* Audit Role
* Conceptual Foundation
* Professionalism within the IT Auditing Function
* Relationship of Internal IT Audit to the External Auditor
* Relationship of IT Audit to Other Company Audit Activities
* Audit Charter
* Charter Content
* Outsourcing the IT Audit Activity
* Regulation, Control, and Standards

Chapter 3: IT Risk and Fundamental Auditing Concepts
* Computer Risks and Exposures
* Effect of Risk
* Audit and Risk
* Audit Evidence
* Conducting an IT Risk-Assessment Process
* NIST SP 800-30 Framework
* ISO 27005
* The "Cascarino Cube"
* Reliability of Audit Evidence
* Audit Evidence Procedures
* Responsibilities for Fraud Detection and Prevention
* Notes

Chapter 4: Standards and Guidelines for IT...