Skip to content

IT Audit, Control, and Security

Spend $50 to get a free DVD!

ISBN-10: 0471406767

ISBN-13: 9780471406761

Edition: 2nd 2011

Authors: Robert R. Moeller

Shipping box This item qualifies for FREE shipping.
Blue ribbon 30 day, 100% satisfaction guarantee!
Rent eBooks
Buy eBooks
what's this?
Rush Rewards U
Members Receive:
Carrot Coin icon
XP icon
You have reached 400 XP and carrot coins. That is the daily max!

Description:

Combines the areas of computer audit, computer control, and computer security in one book. * Offers step-by-step guidance on auditing, control, and security. * Provides numberous control objectives.
Customers also bought

Book details

Edition: 2nd
Copyright year: 2011
Publisher: John Wiley & Sons Australia, Limited
Publication date: 11/19/2010
Binding: Hardcover
Pages: 696
Size: 7.20" wide x 10.10" long x 1.60" tall
Weight: 3.014
Language: English

Robert R. Moeller, Cpa, Cisa, Cissp, is an internal audit specialist and project manager with a strong understanding of information systems, corporate governance, and security. He has over twenty-five years of experience in internal auditing, ranging from launching new internal audit functions in several companies to serving as audit director for a Fortune 50corporation. He was the national director of computer auditing at Grant Thorton andthe audit director of Sears Roebuck.A frequently published author and pro-fessional speaker, he provides insights intomany of the new rules impacting internalauditors today, as well as the challengesaudit committees face when dealing withSarbanes-Oxley, internal controls, andtheir internal auditors.

Introduction
Auditing Internal Controls in an IT Environment
SOx and the COSO Internal Controls Framework
Roles and Responsibilities of IT Auditors
Importance of Effective Internal Controls and COSO
COSO Internal Control Systems Monitoring Guidance
Sarbanes-Oxley Act
Wrapping It Up: COSO Internal Controls and Sox
Notes
Using CobiT to Perform IT Audits
Introduction to CobiT
CobiT Framework
Using CobiT to Assess Internal Controls
Using CobiT in a SOx Environment
CobiT Assurance Framework Guidance
CobiT in Perspective
Notes
IIA and ISACA Standards for the Professional Practice of Internal Auditing
Internal Auditing's International Professional Practice Standards
Content of the IPPF and the IIA International Standards
Strongly Recommended IIA Standards Guidance
ISACA IT Auditing Standards Overview
Codes of Ethics: The IIA and ISACA
Notes
Understanding Risk Management Through COSO ERM
Risk Management Fundamentals
Quantitative Risk Analysis Techniques
IIA and ISACA Risk Management Internal Audit Guidance
COSO ERM: Enterprise Risk Management
IT Audit Risk and COSO ERM
Notes
Performing Effective IT Audits
IT Audit and the Enterprise Internal Audit Function
Organizing and Planning IT Audits
Developing and Preparing Audit Programs
Gathering Audit Evidence and Testing Results
Workpapers and Reporting IT Audit Results
Preparing Effective IT Audits
Notes
Auditing IT General Controls
General Controls in Today's IT Environments
Importance of IT General Controls
IT Governance General Controls
IT Management General Controls
IT Technical Environment General Controls
Notes
Infrastructure Controls and ITIL Service Management Best Practices
ITIL Service Management Best Practices
ITIL's Service Strategies Component
ITIL Service Design
ITIL Service Transition Management Processes
ITIL Service Operation Processes
Service Delivery Best Practices
Auditing IT Infrastructure Management
Notes
Systems Software and IT Operations General Controls
IT Operating System Fundamentals
Features of a Computer Operating System
Other Systems Software Tools
Notes
Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization
Understanding and Auditing IT Wireless Networks
Understanding Cloud Computing
Storage Management Virtualization
Notes
Auditing and Testing IT Application Controls
Selecting, Testing, and Auditing IT Applications
IT Application Control Elements
Selecting Applications for IT Audit Reviews
Performing an Applications Controls Reviews: Preliminary Steps
Completing the IT Applications Controls Audit
Application Review Case Study: Client-Server Budgeting System
Auditing Applications Under Development
Importance of Reviewing IT Applicatio Controls
Notes
Software Engineering and CMMi
Software Engineering Concepts
CMMi: Capability Maturity Model for Integration
CMMi Benefits
IT Audit, Internal Control, and CMMi
Notes
Auditing Service-Oriented Architectures and Record Management Processes
Service-Oriented Computing and Service-Driven Applications
IT Auditing in SOA Environments
Electronic Records Management Internal Control Issues and Risks
IT Audits of Electronic Records Management Processes
Notes
Computer-Assisted Audit Tools and Techniques
Understanding Computer-Assisted Audit Tools and Techniques
Determining the Need for CAATTs
CAATT Software Tools
Steps to Building Effective CAATTs
Importance of CAATTs for Audit Evidence Gathering
Notes
Continuous Assurance Auditing, OLAP and XBRL
Implementing Continuous Assurance Auditing
Benefits of Continuous Assurance Auditing Tools
Data Warehouses, Data Mining, and OLAP
XBRL: The Internet-Based Extensible Marking Language
Newer Technologies, the Continuous Close, and IT audit
Notes
Importance of IT Governance
IT Controls and the Audit Committee.
Role of the Audit Committee for IT Auditors
Audit Committee Approval of Internal Audit Plans and Budgets
Audit Committee Briefings on IT Audit Issues
Audit Committee Review and Action on Significant IT Audit Findings
IT Audit and the Audit Committee
Val IT, Portfolio Management, and Project Management
Val IT: Enhancing the Value of IT Investments
IT Systems Portfolio and Program Management
Project Management for IT Auditors
Notes
Compliance with IT-Related Laws and Regulations
Computer Fraud and Abuse Act
Computer Security Act of 1987
Gramm - Leach - Bliley Act
HIPAA: Healthcare and Much More
Other Personal Privacy and Security Legislative Requirements
IT-Related Laws, Regulations, and Audit Standards
Understanding and Reviewing Compliance with ISO Standards
Background and Importance of ISO Standards in a Global Commerce World
ISO Standards Overview
ISO 19011 Quality Management Systems Auditing
ISO Standards and IT Auditors
Notes
IT Security Environment CONTROLS
Generally Accepted Security Standards
Effective IT Perimeter Security
Establishing an Effective, Enterprise-Wide Security Strategy
Best Practices for It Audit and Security
Notes
Cyber-Security and Privacy Controls
IT Network Security Fundamentals
IT Systems Privacy Concerns
PCI-DSS Fundamentals
Auditing IT Security and Privacy
Security and Privacy in the IT Audit Department
Notes
IT Fraud Detection and Prevention.
Understanding and Recognizing Fraud in an IT Environment
Red Flags: Fraud Detection Signs for IT and other Internal Auditors
Public Accounting's Role in Fraud Detection
IIA Standards and ISACA Materials for Detecting and Investigating Fraud
IT Audit Fraud Risk Assessments
IT Audit Fraud Investigations
IT Fraud Prevention Processes
Fraud Detection and the IT Auditor
Notes
Identity and Access Management
Importance of Identity and Access Management
Identity Management Processes
Separation of Duties Identify Management Controls
Access Management Provisioning
Authentication and Authorization
Auditing Identity and Access Management Processes
Notes
Establishing Effective IT Disaster Recovery Processes
IT Disaster and Business Continuity Planning Today
Building and Auditing an IT Disaster Recovery Plan
Building the IT Disaster Recovery Plan
Disaster Recovery Planning and Service Level Agreements
Newer Disaster Recovery Plan Technologies: Data Mirroring Techniques
Auditing Business Continuity Plans
Disaster Recovery and Business Continuity Planning Going Forward
Notes
Electronic Archiving and Data Retention
Elements of a Successful Electronic Records Management Process
Electronic Documentation Standards
Implementing Electronic IT Data Archiving
Auditing Electronic Document Retention and Archival Processes
Notes
Business Continuity Management and BS 25999
IT Business Continuity Management Planning Needs Today
BS 25999 Good Practice Guidelines
Auditing BCM Processes
Linking the BCM with Other Standards and Processes
Notes
Auditing Telecommunications and IT Communications Networks
Network Security Concepts
Effective IT Network Security Controls
Auditing a VPN Installation
Notes
Change and Patch Management Controls
IT Change Management Processes
Auditing IT Change and Patch Management Controls
Notes
Six Sigma and Lean Technologies
Six Sigma Background and Concepts
Implementing Six Sigma
Lean Six Sigma
Notes
Building an Effective IT Internal Audit function
Establishing an IT Internal Audit Function
Internal Audit Charter: An Important IT Audit Authorization
Role of the Chief Audit Executive
IT Audit Specialists
IT Audit Managers and Supervisors
Internal and IT Audit Policies and Procedures
Organizing an Effective IT Audit Function
Importance of a Strong IT Audit Function
Notes
Professional Certifications: CISA, CIA, and More
Certified Information Systems Auditor Credentials
Certified Information Security Manager Credentials
Certificate in the Governance of Enterprise IT
Certified Internal Auditor Responsibilities and Requirements
Beyond the CIA: Other IIA Certifications
CISSP Information Systems Security Professional Certification
Certified Fraud Examiner Certification
ASQ Internal Audit Certifications
Other Internal Auditor Certifications
Notes
Quality Assurance Auditing and ASQ Standards
Duties and Responsibilities of Quality Auditors
Role of the Quality Auditor
Performing ASQ Quality Audits
Quality Assurance Reviews of IT Audit Functions
Future Directions for Quality Assurance Auditing
Notes
About the Author
Index