Introduction

Auditing Internal Controls in an IT Environment
  SOx and the COSO Internal Controls Framework
    Roles and Responsibilities of IT Auditors
    Importance of Effective Internal Controls and COSO
    COSO Internal Control Systems Monitoring Guidance
    Sarbanes-Oxley Act
    Wrapping It Up: COSO Internal Controls and SOx
    Notes
  Using CobiT to Perform IT Audits
    Introduction to CobiT
    CobiT Framework
    Using CobiT to Assess Internal Controls
    Using CobiT in a SOx Environment
    CobiT Assurance Framework Guidance
    CobiT in Perspective
    Notes
  IIA and ISACA Standards for the Professional Practice of Internal Auditing
    Internal Auditing's International Professional Practice Standards
    Content of the IPPF and the IIA International Standards
    Strongly Recommended IIA Standards Guidance
    ISACA IT Auditing Standards Overview
    Codes of Ethics: The IIA and ISACA
    Notes
  Understanding Risk Management Through COSO ERM
    Risk Management Fundamentals
    Quantitative Risk Analysis Techniques
    IIA and ISACA Risk Management Internal Audit Guidance
    COSO ERM: Enterprise Risk Management
    IT Audit Risk and COSO ERM
    Notes
  Performing Effective IT Audits
    IT Audit and the Enterprise Internal Audit Function
    Organizing and Planning IT Audits
    Developing and Preparing Audit Programs
    Gathering Audit Evidence and Testing Results
    Workpapers and Reporting IT Audit Results
    Preparing Effective IT Audits
    Notes

Auditing IT General Controls
  General Controls in Today's IT Environments
    Importance of IT General Controls
    IT Governance General Controls
    IT Management General Controls
    IT Technical Environment General Controls
    Notes
  Infrastructure Controls and ITIL Service Management Best Practices
    ITIL Service Management Best Practices
    ITIL's Service Strategies Component
    ITIL Service Design
    ITIL Service Transition Management Processes
    ITIL Service Operation Processes
    Service Delivery Best Practices
    Auditing IT Infrastructure Management
    Notes
  Systems Software and IT Operations General Controls
    IT Operating System Fundamentals
    Features of a Computer Operating System
    Other Systems Software Tools
    Notes
  Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization
    Understanding and Auditing IT Wireless Networks
    Understanding Cloud Computing
    Storage Management Virtualization
    Notes

Auditing and Testing IT Application Controls
  Selecting, Testing, and Auditing IT Applications
    IT Application Control Elements
    Selecting Applications for IT Audit Reviews
    Performing an Applications Controls Review: Preliminary Steps
    Completing the IT Applications Controls Audit
    Application Review Case Study: Client-Server Budgeting System
    Auditing Applications Under Development
    Importance of Reviewing IT Application Controls
    Notes
  Software Engineering and CMMi
    Software Engineering Concepts
    CMMi: Capability Maturity Model for Integration
    CMMi Benefits
    IT Audit, Internal Control, and CMMi
    Notes
  Auditing Service-Oriented Architectures and Record Management Processes
    Service-Oriented Computing and Service-Driven Applications
    IT Auditing in SOA Environments
    Electronic Records Management Internal Control Issues and Risks
    IT Audits of Electronic Records Management Processes
    Notes
  Computer-Assisted Audit Tools and Techniques
    Understanding Computer-Assisted Audit Tools and Techniques
    Determining the Need for CAATTs
    CAATT Software Tools
    Steps to Building Effective CAATTs
    Importance of CAATTs for Audit Evidence Gathering
    Notes
  Continuous Assurance Auditing, OLAP, and XBRL
    Implementing Continuous Assurance Auditing
    Benefits of Continuous Assurance Auditing Tools
    Data Warehouses, Data Mining, and OLAP
    XBRL: The Internet-Based Extensible Marking Language
    Newer Technologies, the Continuous Close, and IT Audit
    Notes

Importance of IT Governance
  IT Controls and the Audit Committee
    Role of the Audit Committee for IT Auditors
    Audit Committee Approval of Internal Audit Plans and Budgets
    Audit Committee Briefings on IT Audit Issues
    Audit Committee Review and Action on Significant IT Audit Findings
    IT Audit and the Audit Committee
  Val IT, Portfolio Management, and Project Management
    Val IT: Enhancing the Value of IT Investments
    IT Systems Portfolio and Program Management
    Project Management for IT Auditors
    Notes
  Compliance with IT-Related Laws and Regulations
    Computer Fraud and Abuse Act
    Computer Security Act of 1987
    Gramm-Leach-Bliley Act
    HIPAA: Healthcare and Much More
    Other Personal Privacy and Security Legislative Requirements
    IT-Related Laws, Regulations, and Audit Standards
  Understanding and Reviewing Compliance with ISO Standards
    Background and Importance of ISO Standards in a Global Commerce World
    ISO Standards Overview
    ISO 19011 Quality Management Systems Auditing
    ISO Standards and IT Auditors
    Notes
  IT Security Environment Controls
    Generally Accepted Security Standards
    Effective IT Perimeter Security
    Establishing an Effective, Enterprise-Wide Security Strategy
    Best Practices for IT Audit and Security
    Notes
  Cyber-Security and Privacy Controls
    IT Network Security Fundamentals
    IT Systems Privacy Concerns
    PCI-DSS Fundamentals
    Auditing IT Security and Privacy
    Security and Privacy in the IT Audit Department
    Notes
  IT Fraud Detection and Prevention
    Understanding and Recognizing Fraud in an IT Environment
    Red Flags: Fraud Detection Signs for IT and Other Internal Auditors
    Public Accounting's Role in Fraud Detection
    IIA Standards and ISACA Materials for Detecting and Investigating Fraud
    IT Audit Fraud Risk Assessments
    IT Audit Fraud Investigations
    IT Fraud Prevention Processes
    Fraud Detection and the IT Auditor
    Notes
  Identity and Access Management
    Importance of Identity and Access Management
    Identity Management Processes
    Separation of Duties Identity Management Controls
    Access Management Provisioning
    Authentication and Authorization
    Auditing Identity and Access Management Processes
    Notes
  Establishing Effective IT Disaster Recovery Processes
    IT Disaster and Business Continuity Planning Today
    Building and Auditing an IT Disaster Recovery Plan
    Building the IT Disaster Recovery Plan
    Disaster Recovery Planning and Service Level Agreements
    Newer Disaster Recovery Plan Technologies: Data Mirroring Techniques
    Auditing Business Continuity Plans
    Disaster Recovery and Business Continuity Planning Going Forward
    Notes
  Electronic Archiving and Data Retention
    Elements of a Successful Electronic Records Management Process
    Electronic Documentation Standards
    Implementing Electronic IT Data Archiving
    Auditing Electronic Document Retention and Archival Processes
    Notes
  Business Continuity Management and BS 25999
    IT Business Continuity Management Planning Needs Today
    BS 25999 Good Practice Guidelines
    Auditing BCM Processes
    Linking the BCM with Other Standards and Processes
    Notes
  Auditing Telecommunications and IT Communications Networks
    Network Security Concepts
    Effective IT Network Security Controls
    Auditing a VPN Installation
    Notes
  Change and Patch Management Controls
    IT Change Management Processes
    Auditing IT Change and Patch Management Controls
    Notes
  Six Sigma and Lean Technologies
    Six Sigma Background and Concepts
    Implementing Six Sigma
    Lean Six Sigma
    Notes
  Building an Effective IT Internal Audit Function
    Establishing an IT Internal Audit Function
    Internal Audit Charter: An Important IT Audit Authorization
    Role of the Chief Audit Executive
    IT Audit Specialists
    IT Audit Managers and Supervisors
    Internal and IT Audit Policies and Procedures
    Organizing an Effective IT Audit Function
    Importance of a Strong IT Audit Function
    Notes
  Professional Certifications: CISA, CIA, and More
    Certified Information Systems Auditor Credentials
    Certified Information Security Manager Credentials
    Certificate in the Governance of Enterprise IT
    Certified Internal Auditor Responsibilities and Requirements
    Beyond the CIA: Other IIA Certifications
    CISSP Information Systems Security Professional Certification
    Certified Fraud Examiner Certification
    ASQ Internal Audit Certifications
    Other Internal Auditor Certifications
    Notes
  Quality Assurance Auditing and ASQ Standards
    Duties and Responsibilities of Quality Auditors
    Role of the Quality Auditor
    Performing ASQ Quality Audits
    Quality Assurance Reviews of IT Audit Functions
    Future Directions for Quality Assurance Auditing
    Notes

About the Author

Index