| |
| |
| Introduction | |
| |
| |
| |
| Auditing Internal Controls in an IT Environment | |
| |
| |
| |
| SOx and the COSO Internal Controls Framework | |
| |
| |
| Roles and Responsibilities of IT Auditors | |
| |
| |
| Importance of Effective Internal Controls and COSO | |
| |
| |
| COSO Internal Control Systems Monitoring Guidance | |
| |
| |
| Sarbanes-Oxley Act | |
| |
| |
| Wrapping It Up: COSO Internal Controls and Sox | |
| |
| |
| Notes | |
| |
| |
| |
| Using CobiT to Perform IT Audits | |
| |
| |
| Introduction to CobiT | |
| |
| |
| CobiT Framework | |
| |
| |
| Using CobiT to Assess Internal Controls | |
| |
| |
| Using CobiT in a SOx Environment | |
| |
| |
| CobiT Assurance Framework Guidance | |
| |
| |
| CobiT in Perspective | |
| |
| |
| Notes | |
| |
| |
| |
| IIA and ISACA Standards for the Professional Practice of Internal Auditing | |
| |
| |
| Internal Auditing's International Professional Practice Standards | |
| |
| |
| Content of the IPPF and the IIA International Standards | |
| |
| |
| Strongly Recommended IIA Standards Guidance | |
| |
| |
| ISACA IT Auditing Standards Overview | |
| |
| |
| Codes of Ethics: The IIA and ISACA | |
| |
| |
| Notes | |
| |
| |
| |
| Understanding Risk Management Through COSO ERM | |
| |
| |
| Risk Management Fundamentals | |
| |
| |
| Quantitative Risk Analysis Techniques | |
| |
| |
| IIA and ISACA Risk Management Internal Audit Guidance | |
| |
| |
| COSO ERM: Enterprise Risk Management | |
| |
| |
| IT Audit Risk and COSO ERM | |
| |
| |
| Notes | |
| |
| |
| |
| Performing Effective IT Audits | |
| |
| |
| IT Audit and the Enterprise Internal Audit Function | |
| |
| |
| Organizing and Planning IT Audits | |
| |
| |
| Developing and Preparing Audit Programs | |
| |
| |
| Gathering Audit Evidence and Testing Results | |
| |
| |
| Workpapers and Reporting IT Audit Results | |
| |
| |
| Preparing Effective IT Audits | |
| |
| |
| Notes | |
| |
| |
| |
| Auditing IT General Controls | |
| |
| |
| |
| General Controls in Today's IT Environments | |
| |
| |
| Importance of IT General Controls | |
| |
| |
| IT Governance General Controls | |
| |
| |
| IT Management General Controls | |
| |
| |
| IT Technical Environment General Controls | |
| |
| |
| Notes | |
| |
| |
| |
| Infrastructure Controls and ITIL Service Management Best Practices | |
| |
| |
| ITIL Service Management Best Practices | |
| |
| |
| ITIL's Service Strategies Component | |
| |
| |
| ITIL Service Design | |
| |
| |
| ITIL Service Transition Management Processes | |
| |
| |
| ITIL Service Operation Processes | |
| |
| |
| Service Delivery Best Practices | |
| |
| |
| Auditing IT Infrastructure Management | |
| |
| |
| Notes | |
| |
| |
| |
| Systems Software and IT Operations General Controls | |
| |
| |
| IT Operating System Fundamentals | |
| |
| |
| Features of a Computer Operating System | |
| |
| |
| Other Systems Software Tools | |
| |
| |
| Notes | |
| |
| |
| |
| Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization | |
| |
| |
| Understanding and Auditing IT Wireless Networks | |
| |
| |
| Understanding Cloud Computing | |
| |
| |
| Storage Management Virtualization | |
| |
| |
| Notes | |
| |
| |
| |
| Auditing and Testing IT Application Controls | |
| |
| |
| |
| Selecting, Testing, and Auditing IT Applications | |
| |
| |
| IT Application Control Elements | |
| |
| |
| Selecting Applications for IT Audit Reviews | |
| |
| |
| Performing an Applications Controls Reviews: Preliminary Steps | |
| |
| |
| Completing the IT Applications Controls Audit | |
| |
| |
| Application Review Case Study: Client-Server Budgeting System | |
| |
| |
| Auditing Applications Under Development | |
| |
| |
| Importance of Reviewing IT Applicatio Controls | |
| |
| |
| Notes | |
| |
| |
| |
| Software Engineering and CMMi | |
| |
| |
| Software Engineering Concepts | |
| |
| |
| CMMi: Capability Maturity Model for Integration | |
| |
| |
| CMMi Benefits | |
| |
| |
| IT Audit, Internal Control, and CMMi | |
| |
| |
| Notes | |
| |
| |
| |
| Auditing Service-Oriented Architectures and Record Management Processes | |
| |
| |
| Service-Oriented Computing and Service-Driven Applications | |
| |
| |
| IT Auditing in SOA Environments | |
| |
| |
| Electronic Records Management Internal Control Issues and Risks | |
| |
| |
| IT Audits of Electronic Records Management Processes | |
| |
| |
| Notes | |
| |
| |
| |
| Computer-Assisted Audit Tools and Techniques | |
| |
| |
| Understanding Computer-Assisted Audit Tools and Techniques | |
| |
| |
| Determining the Need for CAATTs | |
| |
| |
| CAATT Software Tools | |
| |
| |
| Steps to Building Effective CAATTs | |
| |
| |
| Importance of CAATTs for Audit Evidence Gathering | |
| |
| |
| Notes | |
| |
| |
| |
| Continuous Assurance Auditing, OLAP and XBRL | |
| |
| |
| Implementing Continuous Assurance Auditing | |
| |
| |
| Benefits of Continuous Assurance Auditing Tools | |
| |
| |
| Data Warehouses, Data Mining, and OLAP | |
| |
| |
| XBRL: The Internet-Based Extensible Marking Language | |
| |
| |
| Newer Technologies, the Continuous Close, and IT audit | |
| |
| |
| Notes | |
| |
| |
| |
| Importance of IT Governance | |
| |
| |
| |
| IT Controls and the Audit Committee. | |
| |
| |
| Role of the Audit Committee for IT Auditors | |
| |
| |
| Audit Committee Approval of Internal Audit Plans and Budgets | |
| |
| |
| Audit Committee Briefings on IT Audit Issues | |
| |
| |
| Audit Committee Review and Action on Significant IT Audit Findings | |
| |
| |
| IT Audit and the Audit Committee | |
| |
| |
| |
| Val IT, Portfolio Management, and Project Management | |
| |
| |
| Val IT: Enhancing the Value of IT Investments | |
| |
| |
| IT Systems Portfolio and Program Management | |
| |
| |
| Project Management for IT Auditors | |
| |
| |
| Notes | |
| |
| |
| |
| Compliance with IT-Related Laws and Regulations | |
| |
| |
| Computer Fraud and Abuse Act | |
| |
| |
| Computer Security Act of 1987 | |
| |
| |
| Gramm - Leach - Bliley Act | |
| |
| |
| HIPAA: Healthcare and Much More | |
| |
| |
| Other Personal Privacy and Security Legislative Requirements | |
| |
| |
| IT-Related Laws, Regulations, and Audit Standards | |
| |
| |
| |
| Understanding and Reviewing Compliance with ISO Standards | |
| |
| |
| Background and Importance of ISO Standards in a Global Commerce World | |
| |
| |
| ISO Standards Overview | |
| |
| |
| ISO 19011 Quality Management Systems Auditing | |
| |
| |
| ISO Standards and IT Auditors | |
| |
| |
| Notes | |
| |
| |
| |
| IT Security Environment CONTROLS | |
| |
| |
| Generally Accepted Security Standards | |
| |
| |
| Effective IT Perimeter Security | |
| |
| |
| Establishing an Effective, Enterprise-Wide Security Strategy | |
| |
| |
| Best Practices for It Audit and Security | |
| |
| |
| Notes | |
| |
| |
| |
| Cyber-Security and Privacy Controls | |
| |
| |
| IT Network Security Fundamentals | |
| |
| |
| IT Systems Privacy Concerns | |
| |
| |
| PCI-DSS Fundamentals | |
| |
| |
| Auditing IT Security and Privacy | |
| |
| |
| Security and Privacy in the IT Audit Department | |
| |
| |
| Notes | |
| |
| |
| |
| IT Fraud Detection and Prevention. | |
| |
| |
| Understanding and Recognizing Fraud in an IT Environment | |
| |
| |
| Red Flags: Fraud Detection Signs for IT and other Internal Auditors | |
| |
| |
| Public Accounting's Role in Fraud Detection | |
| |
| |
| IIA Standards and ISACA Materials for Detecting and Investigating Fraud | |
| |
| |
| IT Audit Fraud Risk Assessments | |
| |
| |
| IT Audit Fraud Investigations | |
| |
| |
| IT Fraud Prevention Processes | |
| |
| |
| Fraud Detection and the IT Auditor | |
| |
| |
| Notes | |
| |
| |
| |
| Identity and Access Management | |
| |
| |
| Importance of Identity and Access Management | |
| |
| |
| Identity Management Processes | |
| |
| |
| Separation of Duties Identify Management Controls | |
| |
| |
| Access Management Provisioning | |
| |
| |
| Authentication and Authorization | |
| |
| |
| Auditing Identity and Access Management Processes | |
| |
| |
| Notes | |
| |
| |
| |
| Establishing Effective IT Disaster Recovery Processes | |
| |
| |
| IT Disaster and Business Continuity Planning Today | |
| |
| |
| Building and Auditing an IT Disaster Recovery Plan | |
| |
| |
| Building the IT Disaster Recovery Plan | |
| |
| |
| Disaster Recovery Planning and Service Level Agreements | |
| |
| |
| Newer Disaster Recovery Plan Technologies: Data Mirroring Techniques | |
| |
| |
| Auditing Business Continuity Plans | |
| |
| |
| Disaster Recovery and Business Continuity Planning Going Forward | |
| |
| |
| Notes | |
| |
| |
| |
| Electronic Archiving and Data Retention | |
| |
| |
| Elements of a Successful Electronic Records Management Process | |
| |
| |
| Electronic Documentation Standards | |
| |
| |
| Implementing Electronic IT Data Archiving | |
| |
| |
| Auditing Electronic Document Retention and Archival Processes | |
| |
| |
| Notes | |
| |
| |
| |
| Business Continuity Management and BS 25999 | |
| |
| |
| IT Business Continuity Management Planning Needs Today | |
| |
| |
| BS 25999 Good Practice Guidelines | |
| |
| |
| Auditing BCM Processes | |
| |
| |
| Linking the BCM with Other Standards and Processes | |
| |
| |
| Notes | |
| |
| |
| |
| Auditing Telecommunications and IT Communications Networks | |
| |
| |
| Network Security Concepts | |
| |
| |
| Effective IT Network Security Controls | |
| |
| |
| Auditing a VPN Installation | |
| |
| |
| Notes | |
| |
| |
| |
| Change and Patch Management Controls | |
| |
| |
| IT Change Management Processes | |
| |
| |
| Auditing IT Change and Patch Management Controls | |
| |
| |
| Notes | |
| |
| |
| |
| Six Sigma and Lean Technologies | |
| |
| |
| Six Sigma Background and Concepts | |
| |
| |
| Implementing Six Sigma | |
| |
| |
| Lean Six Sigma | |
| |
| |
| Notes | |
| |
| |
| |
| Building an Effective IT Internal Audit function | |
| |
| |
| Establishing an IT Internal Audit Function | |
| |
| |
| Internal Audit Charter: An Important IT Audit Authorization | |
| |
| |
| Role of the Chief Audit Executive | |
| |
| |
| IT Audit Specialists | |
| |
| |
| IT Audit Managers and Supervisors | |
| |
| |
| Internal and IT Audit Policies and Procedures | |
| |
| |
| Organizing an Effective IT Audit Function | |
| |
| |
| Importance of a Strong IT Audit Function | |
| |
| |
| Notes | |
| |
| |
| |
| Professional Certifications: CISA, CIA, and More | |
| |
| |
| Certified Information Systems Auditor Credentials | |
| |
| |
| Certified Information Security Manager Credentials | |
| |
| |
| Certificate in the Governance of Enterprise IT | |
| |
| |
| Certified Internal Auditor Responsibilities and Requirements | |
| |
| |
| Beyond the CIA: Other IIA Certifications | |
| |
| |
| CISSP Information Systems Security Professional Certification | |
| |
| |
| Certified Fraud Examiner Certification | |
| |
| |
| ASQ Internal Audit Certifications | |
| |
| |
| Other Internal Auditor Certifications | |
| |
| |
| Notes | |
| |
| |
| |
| Quality Assurance Auditing and ASQ Standards | |
| |
| |
| Duties and Responsibilities of Quality Auditors | |
| |
| |
| Role of the Quality Auditor | |
| |
| |
| Performing ASQ Quality Audits | |
| |
| |
| Quality Assurance Reviews of IT Audit Functions | |
| |
| |
| Future Directions for Quality Assurance Auditing | |
| |
| |
| Notes | |
| |
| |
| About the Author | |
| |
| |
| Index | |