Auditor's Guide to Information Systems Auditing / Edition 1

Praise for Auditor's Guide to Information Systems Auditing

"Auditor's Guide to Information Systems Auditing is the most comprehensive book about auditing that I have ever seen. There is something in this book for everyone. New auditors will find this book to be their bible—reading it will enable them to learn what the role of auditors really is and will convey to them what they must know, understand, and look for when performing audits. For experienced auditors, this book will serve as a reality check to determine whether they are examining the right issues and whether they are being sufficiently comprehensive in their focus. Richard Cascarino has done a superb job."
E. Eugene Schultz, PhD, CISSP, CISM, Chief Technology Officer and Chief Information Security Officer, High Tower Software

A step-by-step guide to successful implementation and control of information systems

More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to Information Systems Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to Information Systems Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.


Product Details

  • ISBN-13: 9780470009895
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 3/23/2007
  • Edition description: Older Edition
  • Edition number: 1
  • Pages: 512
  • Product dimensions (inches): 6.44 (w) x 8.96 (h) x 1.36 (d)

Meet the Author

RICHARD CASCARINO, MBA, CIA, CFE, CISM, has, for the last eighteen years, been providing consultancy and professional development services to clients throughout the southern African region as well as in Europe, the Middle East, and the United States. Well-known in international auditing circles as one of the most knowledgeable practitioners in the field, he is a regular speaker at international conferences and has presented courses throughout Africa, Europe, the Middle East, and the United States. He is a past president of the Institute of Internal Auditors in South Africa, was the founding regional director of the Southern African Region of the IIA-Inc., and is a member of both the Information Systems Audit and Control Association and the American Institute of Certified Fraud Examiners (South African Chapter). He is also a coauthor of Internal Auditing: An Integrated Approach.

Table of Contents

PART I. IS Audit Process.

CHAPTER 1. Technology and Audit.
  • Technology and Audit.
  • Batch and On-Line Systems.

CHAPTER 2. IS Audit Function Knowledge.
  • Information Systems Auditing.
  • What Is Management?
  • Management Process.
  • Understanding the Organization's Business.
  • Establishing the Needs.
  • Identifying Key Activities.
  • Establish Performance Objectives.
  • Decide the Control Strategies.
  • Implement and Monitor the Controls.
  • Executive Management's Responsibility and Corporate Governance.
  • Audit Role.
  • Conceptual Foundation.
  • Professionalism within the IS Auditing Function.
  • Relationship of Internal IS Audit to the External Auditor.
  • Relationship of IS Audit to Other Company Audit Activities.
  • Audit Charter.
  • Charter Content.
  • Outsourcing the IS Audit Activity.
  • Regulation, Control, and Standards.

CHAPTER 3. IS Risk and Fundamental Auditing Concepts.
  • Computer Risks and Exposures.
  • Effect of Risk.
  • Audit and Risk.
  • Audit Evidence.
  • Reliability of Audit Evidence.
  • Audit Evidence Procedures.
  • Responsibilities for Fraud Detection and Prevention.

CHAPTER 4. Standards and Guidelines for IS Auditing.
  • IIA Standards.
  • Code of Ethics.
  • Standards for the Professional Performance of Internal Auditing.
  • ISACA Standards.
  • ISACA Code of Ethics.
  • COSO: Internal Control Standards.
  • BS 7799 and ISO 17799: IT Security.
  • BSI Baselines.

CHAPTER 5. Internal Controls Concepts Knowledge.
  • Internal Controls.
  • Cost/Benefit Considerations.
  • Internal Control Objectives.
  • Types of Internal Controls.
  • Systems of Internal Control.
  • Elements of Internal Control.
  • Manual and Automated Systems.
  • Control Procedures.
  • Application Controls.
  • Control Objectives and Risks.
  • General Control Objectives.
  • Data and Transactions Objectives.
  • Program Control Objectives.
  • Corporate IT Governance.

CHAPTER 6. Risk Management of the IS Function.
  • Nature of Risk.
  • Auditing in General.
  • Elements of Risk Analysis.
  • Defining the Audit Universe.
  • Computer System Threats.
  • Risk Management.

CHAPTER 7. Audit Planning Process.
  • Benefits of an Audit Plan.
  • Structure of the Plan.
  • Types of Audit.

CHAPTER 8. Audit Management.
  • Audit Mission.
  • IS Audit Mission.
  • Organization of the Function.
  • IS Audit as a Support Function.
  • Business Information Systems.
  • Integrated IS Auditor vs Integrated IS Audit.
  • Auditees as Part of the Audit Team.
  • Application Audit Tools.
  • Advanced Systems.
  • Specialist Auditor.
  • IS Audit Quality Assurance.

CHAPTER 9. Audit Evidence Process.
  • Audit Evidence.
  • Audit Evidence Procedures.
  • Criteria for Success.
  • Statistical Sampling.
  • Why Sample?
  • Judgmental (or Non-Statistical) Sampling.
  • Statistical Approach.
  • Sampling Risk.
  • Assessing Sampling Risk.
  • Planning a Sampling Application.
  • Calculating Sample Size.
  • Quantitative Methods.
  • Project Scheduling Techniques.
  • Computer Assisted Audit Solutions.
  • Generalized Audit Software.
  • Application and Industry-Related Audit Software.
  • Customized Audit Software.
  • Information Retrieval Software.
  • On-Line Inquiry.
  • Conventional Programming Languages.
  • Microcomputer-Based Software.
  • Test Transaction Techniques.

CHAPTER 10. Audit Reporting Follow-up.
  • Audit Reporting.
  • Interim Reporting.
  • Closing Conferences.
  • Written Reports.
  • Clear Writing Techniques.
  • Preparing to Write.
  • Basic Audit Report.
  • Executive Summary.
  • Detailed Findings.
  • Polishing the Report.
  • Distributing the Report.
  • Follow-Up Reporting.
  • Types of Follow-Up Action.

PART II. Information Systems/Information Technology Governance.

CHAPTER 11. Management.
  • IS Infrastructures.
  • Project-Based Functions.
  • Quality Control.
  • Operations and Production.
  • Technical Services.
  • Performance Measurement and Reporting.
  • Measurement Implementation.

CHAPTER 12. Strategic Planning.
  • Strategic Management Process.
  • Strategic Drivers.
  • New Audit Revolution.
  • Leveraging IS.
  • Business Process Re-Engineering Motivation.
  • IS as an Enabler of Re-Engineering.
  • Dangers of Change.
  • System Models.
  • Information Resource Management.
  • Strategic Planning for IS.
  • Decision Support Systems.
  • Steering Committees.
  • Strategic Focus.
  • Auditing Strategic Planning.
  • Design the Audit Procedures.

CHAPTER 13. Management Issues.
  • Copyrights, Trademarks, and Patents.
  • Ethical Issues.
  • Corporate Codes of Conduct.
  • IT Governance.
  • Sarbanes-Oxley Act.

CHAPTER 14. Support Tools and Frameworks.
  • General Frameworks.
  • COSO: Internal Control Standards.
  • Other Standards.

CHAPTER 15. Governance Techniques.
  • Change Control.
  • Problem Management.
  • Auditing Change Control.
  • Operational Reviews.
  • Performance Measurement.
  • ISO 9000 Reviews.

PART III. Systems and Infrastructure Lifecycle Management.

CHAPTER 16. Information Systems Planning.
  • Systems Development.
  • Technical Support.
  • Other System Users.
  • Segregation of Duties.
  • Personnel Practices.
  • Object-Oriented Systems Analysis.
  • Enterprise Resource Planning.

CHAPTER 17. Information Management and Usage.
  • What Are Advanced Systems?
  • Service Delivery and Management.

CHAPTER 18. Development, Acquisition, and Maintenance of Information Systems.
  • Programming Computers.
  • Program Conversions.
  • System Failures.
  • Systems Development Exposures.
  • Systems Development Controls.
  • Systems Development Life Cycle Control: Control Objectives.
  • Micro-Based Systems.

CHAPTER 19. Impact of Information Technology on the Business Processes and Solutions.
  • Continuous Monitoring.
  • Business Process Outsourcing.

CHAPTER 20. Software Development.
  • Developing a System.
  • Change Control.
  • Why Do Systems Fail?
  • Auditor's Role in Software Development.

CHAPTER 21. Audit and Control of Purchased Packages.
  • Information Systems Vendors.
  • Request for Information.
  • Requirements Definition.
  • Request for Proposal.
  • Systems Maintenance.
  • Systems Maintenance Review.

CHAPTER 22. Audit Role in Feasibility Studies and Conversions.
  • Feasibility Success Factors.
  • Conversion Success Factors.

CHAPTER 23. Audit and Development of Application Controls.
  • What Are Systems?
  • Classifying Systems.
  • Controlling Systems.
  • Control Stages.
  • System Models.
  • Information Resource Management.
  • Control Objectives of Business Systems.
  • General Control Objectives.
  • CAATs and Their Role in Business Systems Auditing.
  • Common Problems.
  • Audit Procedures.
  • CAAT Use in Non-Computerized Areas.
  • Designing an Appropriate Audit Program.

PART IV. Information Technology Service Delivery and Support.

CHAPTER 24. Technical Infrastructure.
  • Auditing the Technical Infrastructure.
  • Computer Operations Controls.
  • Operations Exposures.
  • Operations Controls.
  • Personnel Controls.
  • Supervisory Controls.
  • Operations Audits.

CHAPTER 25. Service Center Management.
  • Continuity Management and Disaster Recovery.
  • Managing Service Center Change.

PART V. Protection of Information Assets.

CHAPTER 26. Information Assets Security Management.
  • What Is Information Systems Security?
  • Control Techniques.
  • Workstation Security.
  • Physical Security.
  • Logical Security.
  • User Authentication.
  • Communications Security.
  • How Encryption Works.
  • Encryption Weaknesses.
  • Potential Encryption.
  • Data Integrity.
  • Double Public Key Encryption.
  • Information Security Policy.

CHAPTER 27. Logical Information Technology Security.
  • Computer Operating Systems.
  • Tailoring the Operating System.
  • Auditing the Operating System.
  • Security Systems: Resource Access Control Facility.
  • Auditing RACF.
  • Access Control Facility 2.
  • Top Secret.
  • User Authentication.
  • Bypass Mechanisms.

CHAPTER 28. Applied Information Technology Security.
  • Communications and Network Security.
  • Network Protection.
  • Hardening the Operating Environment.
  • Client Server and Other Environments.
  • Firewalls and Other Protection Resources.
  • Intrusion Detection Systems.

CHAPTER 29. Physical and Environmental Security.
  • Control Mechanisms.
  • Implementing the Controls.

PART VI. Business Continuity and Disaster Recovery.

CHAPTER 30. Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning.
  • Risk Reassessment.
  • Disaster—Before and After.
  • Consequences of Disruption.
  • Where to Start.
  • Testing the Plan.
  • Auditing the Plan.

CHAPTER 31. Insurance.

PART VII. Advanced IS Auditing.

CHAPTER 32. Auditing E-commerce Systems.
  • E-Commerce and Electronic Data Interchange: What Is It?
  • Opportunities and Threats.
  • Risk Factors.
  • Threat List.
  • Security Technology.
  • "Layer" Concept.
  • Trading Partner Agreements.
  • Risks and Controls within EDI and E-Commerce.
  • E-Commerce and Auditability.
  • Compliance Auditing.
  • E-Commerce Audit Approach.
  • Audit Tools and Techniques.
  • Auditing Security Control Structures.
  • Computer Assisted Audit Techniques.

CHAPTER 33. Auditing UNIX/Linux.
  • Security and Control in a UNIX/Linux System.
  • UNIX Security.
  • Auditing UNIX.
  • Scrutiny of Logs.
  • Audit Tools in the Public Domain.
  • UNIX passwd File.
  • Auditing UNIX Passwords.

CHAPTER 34. Auditing Windows.
  • NT and Its Derivatives.
  • Auditing Windows 23.
  • Password Protection.
  • File Sharing.
  • Security Checklist.

CHAPTER 35. Foiling the System Hackers.

CHAPTER 36. Investigating Information Technology Fraud.
  • Pre-Incident Preparation.
  • Detection of Incidents.
  • Initial Response.
  • Forensic Backups.
  • Network Monitoring.
  • Identity Theft.

APPENDIX A. Ethics and Standards for the IS Auditor.
  • ISACA Code of Professional Ethics.
  • Relationship of Standards to Guidelines and Procedures.

APPENDIX B. Audit Program for Application Systems Auditing.

APPENDIX C. Logical Access Control Audit Program.

APPENDIX D. Audit Program for Auditing UNIX/Linux Environments.

APPENDIX E. Audit Program for Auditing Windows XP/2000 Environments.