The Basics of IT Audit

Purposes, Processes, and Practical Information

The Basics of IT Audit

The Basics of IT Audit: Purposes, Processes, and Practical Information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000, series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPPA. IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements. This guide provides you with all the necessary information if you're preparing for an IT audit, participating in an IT audit or responding to an IT audit. Provides a concise treatment of IT auditing, allowing you to prepare for, participate in, and respond to the results Discusses the pros and cons of doing internal and external IT audits, including the benefits and potential drawbacks of each Covers the basics of complex regulations and standards, such as Sarbanes-Oxley, SEC (public companies), HIPAA, and FFIEC Includes most methods and frameworks, including GAAS, COSO, COBIT, ITIL, ISO (27000), and FISCAM

Auditor's Guide to IT Auditing

Auditor's Guide to IT Auditing

Step-by-step guide to successful implementation and control of IT systems—including the Cloud Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. Follows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing Serves as an excellent study guide for those preparing for the CISA and CISM exams Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud Includes a link to an education version of IDEA--Data Analysis Software As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organization, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

Auditor's Guide to IT Auditing, + Software Demo

Auditor's Guide to IT Auditing, + Software Demo

Step-by-step guide to successful implementation and control of IT systems—including the Cloud Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. Follows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing Serves as an excellent study guide for those preparing for the CISA and CISM exams Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud Includes a link to an education version of IDEA--Data Analysis Software As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organization, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

Information Technology Audits 2008

Information Technology Audits 2008

This up-to-the-minute guide helps you become more proactive and meet the growing demand for integrated audit services in the 21st century. Wide-ranging in scope, Information Technology Audits offers expert analysis, practical tools, and real-world techniques designed to assist in preparing for and performing integrated IT audits. Written by a seasoned auditor with more than 22 years of IT audit experience, Information Technology Audits provides the first practical, hands-on look at how organizations use and control information to meet business objectives, and offers strategies to assess whether the company's controls adequately protect its information systems. Practice aids are available on a free companion CD-ROM.

The Basics of Quality Auditing

The Basics of Quality Auditing

As the latest addition to "The Basics" Series, The Basics of Quality Auditing provides an inexpensive and easy-to-follow WHO, WHAT, WHERE, WHEN, WHY and HOW format that is perfect for training. It discusses the four main questions all audits should answer: Is there a procedure? Is the procedure being followed? Does the procedure meet the needs of the system? and What must be changed or improved to increase the output quality? After explaining the audit process, the book illustrates how audit programs are currently being used and how they have evolved beyond the standard uses of policing actions or procuring information about a supplier to becoming a continuous improvement tool. The appendix provides sample audit forms and checklists that auditors can model.

Internal Audit Handbook

Management with the SAP®-Audit Roadmap

Internal Audit Handbook

This book offers a comprehensive, up-to-date presentation of the tasks and challenges facing internal audit. It presents the Audit Roadmap, the process model of internal auditing developed at SAP® which describes all stages of an audit. Coverage provides information on issues such as the identification of audit fields, the annual audit planning, the organization and execution of audits as well as reporting and follow-up. The handbook also discusses management-related subjects. Separate chapters are dedicated to special topics like IT or SOX audits.

IT Auditing Using Controls to Protect Information Assets, 2nd Edition

IT Auditing Using Controls to Protect Information Assets, 2nd Edition

Secure Your Systems Using the Latest IT Auditing Techniques Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource. Build and maintain an internal IT audit function with maximum effectiveness and value Audit entity-level controls, data centers, and disaster recovery Examine switches, routers, and firewalls Evaluate Windows, UNIX, and Linux operating systems Audit Web servers and applications Analyze databases and storage solutions Assess WLAN and mobile devices Audit virtualized environments Evaluate risks associated with cloud computing and outsourced operations Drill down into applications to find potential control weaknesses Use standards and frameworks, such as COBIT, ITIL, and ISO Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI Implement proven risk management practices

IT Auditing: Using Controls to Protect Information Assets

IT Auditing: Using Controls to Protect Information Assets

Protect Your Systems with Proven IT Auditing Strategies "A must-have for auditors and IT professionals." -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc. Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard. Build and maintain an IT audit function with maximum effectiveness and value Implement best practice IT audit processes and controls Analyze UNIX-, Linux-, and Windows-based operating systems Audit network routers, switches, firewalls, WLANs, and mobile devices Evaluate entity-level controls, data centers, and disaster recovery plans Examine Web servers, platforms, and applications for vulnerabilities Review databases for critical controls Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies Implement sound risk analysis and risk management practices Drill down into applications to find potential control weaknesses

The Basics of Achieving Professional Certification

Enhancing Your Credentials

The Basics of Achieving Professional Certification

Professional certification has become a very popular topic and a significant number of individuals are making it a priority. Some people are torn on whether or not to obtain a certification to bolster their career. Others see the advantage of diversifying their professional portfolio and pursuing popular certifications in the areas of Project Management, Information Technology, Quality, or Human Resources. The Basics of Achieving Professional Certification: Enhancing Your Credentials provides clear-cut guidance on how to select a certification that is right for you and how you can continue to build your credentials in support of personal and professional goals. This easy-to-use guide can help anyone looking to achieve professional certification make informed decisions about the many options available. It can also help avoid the pitfalls of making the wrong choice as a result of being incorrectly informed. Examining the range of professional certifications offered by associations and organizations, it explains how to select the right professional certification and outlines best practices for completing the certification process. The book includes a CD that represents more than a year of development between resources in the U.S. and Europe. Packed with tools, it supplies permanent access to a suite of helpful training and development software, including: Library management system to track training material, books, and related items (created in MS Access) Learning management system to ensure training compliance (created in MS Access) A number of project management resources, including a comprehensive exam preparation program Royalty free multimedia resources to add pizzazz to your e-learning programs Forms, templates, and checklists to support training administration Tools to help evaluate training programs Software to make training and certification more interactive and enjoyable Winner of a Cleland Publication Award, Willis H. Thomas, PhD, PMP, CPT, not only outlines the requirements for obtaining professional certification, but also provides a framework for training and development that supports the range of professional certifications. The book includes helpful test-taking tips for oral and written exams and also describes how to find supporting resources for study group participation. Filled with illustrative examples, the text includes testimonials from professional associations on how professional certification has benefited their members—making it helpful to professional associations as a means to encourage association membership and participation.