A Standard for Auditing Computer Applications / Edition 2

Paperback (Print)

Overview

A Standard for Auditing Computer Applications is a dynamic new resource for evaluating all aspects of automated business systems and systems environments. At the heart of the A Standard for Auditing Computer Applications system is a set of customizable workpapers that provide blow-by-blow coverage of all phases of the IT audit process for traditional mainframe, distributed processing, and client/server environments.

A Standard for Auditing Computer Applications was developed by Marty Krist, an acknowledged and respected expert in IT auditing. Drawing upon his more than twenty years of auditing experience with leading enterprise organizations, worldwide, Marty walks you step-by-step through the audit process for system environments and specific applications and utilities. He clearly spells out what you need to look for and where to look for it, and he provides expert advice and guidance on how to successfully address a problem when you find one.

When you order A Standard for Auditing Computer Applications, you receive a powerful package containing all the forms, checklists, and templates you'll ever need to conduct successful audits on an easy-to-use CD-ROM. Designed to function as a handy, on-the-job resource, the book follows a concise, quick-access format. It begins with an overview of the general issues inherent in any IT review. This is followed by a comprehensive review of the audit planning process. The remainder of the book provides you with detailed, point-by-point breakdowns along with proven tools for:

  • Evaluating systems environments: covers all the bases, including IT administration, security, backup and recovery planning, systems development, and more
  • Evaluating existing controls for determining hardware and software reliability
  • Assessing the new system development process
  • Evaluating all aspects of individual applications, from I/O, processing and logical and physical security to documentation, training, and programmed procedures
  • Assessing specific applications and utilities, including e-mail, groupware, finance and accounting applications, CAD, R&D, production applications, and more

Editorial Reviews

Booknews
Intended to address issues important to both the technical and the general auditor, this guide presents auditing models for basic and advanced technical subjects, along with generic and tailored approaches for evaluating information technology security and control issues. The material discusses the audit planning process, reliability controls for underlying hardware and operating system environments, the development of an automated application system (AAS), and procedures for evaluating an AAS that is already in the production environment. The CD-ROM contains files on audit programs and working papers. Annotation © Book News, Inc., Portland, OR (booknews.com)

Product Details

  • ISBN-13: 9780849399831
  • Publisher: Taylor & Francis
  • Publication date: 12/23/1998
  • Edition description: REV
  • Edition number: 2
  • Pages: 832
  • Product dimensions: 8.60 (w) x 11.00 (h) x 1.40 (d)

Table of Contents

PART I OVERVIEW OF INTEGRATED AUDITING
AUTOMATED APPLICATION REVIEW OVERVIEW
WHAT INTEGRATED APPLICATION SYSTEMS ARE
Proper Operation of the IT Department
Developing Automated Applications
Critical Information Technology Controls
REVIEWING APPLICATION SYSTEMS
The Audit Structure
The Internal Auditors
The Audit Manual
Managing the Individual IT Audit
IT Audit Procedures
Application Development and Testing
Documenting and Reporting Audit Work
External Auditors
ASSESSING IT AUDIT CAPABILITIES
Who Should Perform the Self-Assessment?
Conducting the Self-Assessment
Analysis and Reporting of Results
PART II. DEVELOPING THE IT AUDIT PLAN
OVERVIEW OF COMPUTER APPLICATIONS AUDIT PLANNING STANDARDS AND PROCESSES
IT AUDIT PLANNING
Overview of Standards for IT Audit Planning
STRATEGIC IT AUDIT PLANNING
THE ANNUAL IT AUDIT PLANNING PROCESS
Step 1: Identify All Potential Reviews
Step 2: Evaluate and Prioritize Possible Reviews
Step 3: Setting Preliminary Scopes
Step 4: Select and Schedule IT Audits
Step 5: Merger Audit Plans
SPECIFIC AUDIT PLANNING
Step 1: Assign An Auditor-in-Charge
Step 2: Perform Application Fact Gathering
Step 3: Analyze Application Audit Risk
Step 4: Develop and Rank Measurable Audit Objectives
Step 5: Develop Administrative Plan
Step 6: Write Audit Program
PART III. ASSESSING GENERAL IT CONTROLS
INFORMATION SYSTEMS ADMINISTRATION
Strategic Planning
Tactical Planning
Information Technology Standard Setting
PHYSICAL ACCESS SECURITY
The Data Center
Door Locks
Windows
Data Center Floor
Alarm System
Fire Suppression Systems
The Detection of and Response to Unauthorized Activity
LOGICAL ACCESS SECURITY
User Identification
End User Log-In Considerations
SYSTEMS DEVELOPMENT PROCESS
General Objectives
Specific Objectives
BACKUP AND RECOVERY
Approaches to Making Backups
Media Utilized to Make Backups
Recovery Issues
AUDITING THE MAINFRAME
Planning the Audit
Performing Fieldwork Procedures
Auditing Specific Procedures by Audit Area
Audit Finalization
AUDITING THE MIDRANGE COMPUTER
Planning the Audit
Performing Fieldwork Procedures
Auditing Specific Procedures by Audit Area
Audit Finalization
AUDITING THE NETWORK
Planning the Audit
Performing Fieldwork Procedures
Auditing Specific Procedures by Audit Area
Audit Finalization
PART IV. PERFORMING A COMPLETE EVALUATION
PERFORMING A BASIC EVALUATION
PERFORMING A COMPLETE EVALUATION
General Control Objectives
Participants in the Systems Development Life Cycle
INITIATION PHASE REVIEW
Overview
Initiation Phase Deliverables
Auditing the Initiation Phase
Setting the Scope for the SDLC Audit
Customizing the Audit Objectives
Detailed Audit Testing
Audit Results and Reporting
THE REQUIREMENTS DEFINITION PHASE REVIEW
Overview
Deliverables in the Requirements Definition Phase
The Initial Audit Evaluation
Adjusting Audit Objectives
Detailed Audit Testing
Audit Results and Reporting
Confirming The Audit Strategy
APPLICATION DEVELOPMENT PHASE
Programming Phase Overview
Programming Phase Deliverables
The Initial Audit Assessment
Conducting Interviews
Setting The Audit Objectives
Detailed Audit Testing
The Audit Test
Audit Results and Reporting
Evaluating The Audit Strategy
THE EVALUATION AND ACCEPTANCE PHASE
Overview
Initial Assessment of The Acceptance Phase
Gathering and Verifying Information on The Phase Status
Setting Objectives for the Audit
Evaluation and Acceptance Phase Considerations
Detailed Audit Testing
Audit Results and Reporting
Evaluating Audit Results and Plans
PART V ASSESSING IMPLEMENTED SYSTEMS
INITIAL REVIEW PROCEDURES
Initial Review Procedures
Review Existing Audit Files
The Planning Meeting
AUDIT EVIDENCE
Initial Workpapers
IDENTIFY APPLICATION RISKS
The Meaning of Risk
Stand Alone Risk
Relative Risk
Ensuring Success
Identifying Application Risks
Overcoming Obstacles to Success
Assigning Materiality
Computing a Risk Score
DEVELOP A DETAILED PLAN
Writing Measurable Audit Objectives
Verifying the Completeness of Measurable Audit Objectives
EVALUATE INTERNAL CONTROLS
Document Segregation of Responsibilities
Conduct an Internal Control Review
Develop Internal Control Diagrams
Test Internal Controls
Evaluate Internal Control Effectiveness
TEST DATA INTEGRITY
Conduct a Data File Survey
Create Data Test Plan
Develop Test Tools
Verify File Integrity
Evaluate the Correctness of the Test Process
Conduct Data Test
Review Data Test Results
CERTIFY COMPUTER SECURITY
Collect Data
Conduct Basic Evaluation
Conduct Detailed Evaluation
Prepare Report of Results
ANALYZE AUDIT RESULTS
Document Findings
Analyze Findings
Develop Recommendations
Document Recommendations
REVIEW AND REPORT AUDIT FINDINGS
Create the Audit Report
Review Report Reasonableness
Review Readability of Report
Prepare and Distribute Report
REVIEW QUALITY CONTROL
Conduct a Quality Control Review
Conduct a Quality Assurance Review
Improve the Application Audit Process
WORKFLOW DIAGRAMMING
Creating a Workflow Diagram
Recommended Practices for Developing Workflow Diagrams
PART VI APPENDICES
WORKPAPERS
I-3-1 Self Assessment Questionnaire: IT Environment
I-3-2 Analysis Summary for I-3-1
I-3-3 Self Assessment Questionnaire: SDLC Methodology
I-3-4 Analysis Summary for I-3-3
I-3-5 Self Assessment Questionnaire: Internal Audit Capabilities
I-3-6 Analysis Summary for I-3-5
I-3-7 Analysis Summary for I-3-2, I-3-4, and I-3-6
II-5-1 Risk Assessment Model (100-Point System)
II-5-2 Risk Assessment Model (Weighted System)
II-5-3 Risk Assessment Model (10-Point System)
II-5-4 Risk Assessment Model (100-Point Total System)
III-1 Generic Questionnaire
III-2 Generic Program
III-3 Generic Workpaper Set
III-7-1 Complete Sample IT Security Policy
III-11-1 Standard Business Continuity Planning Audit Program
III-13-1 Midrange Questionnaire (AS/400)
III-14-1 Network Questionnaire (Novell)
A-1 Audit Assignment Interview Checklist
A-2 Audit Success Criteria Worksheet
A-3 Preliminary Conference Background Information Checklist
A-4 Conference Preparation Checklist
A-5 Post-Conference Background Information Checklist
A-6 Input Transactions Worksheet
A-7 Data File Worksheet
A-8 Output Report and User Worksheet
A-9 User Satisfaction Questionnaire
A-10 Data Flow Diagram
A-11 Structural Risk Assessment
A-12 Technical Risk Assessment
A-13 Size Risk Assessment
A-14 Risk Score Summary
A-15 Risk Assessment Program
A-16 Application Risk Worksheet
A-17 Application Risk Worksheet (Blank)
A-18 Application Risk Ranking
A-19 File or Database Population Analysis
A-20 Measurable Application Audit Objectives
A-21 EDP Application Audit Plan
A-22 Responsibility Conflict Matrix
A-23 Data Origination Controls Questionnaire
A-24 Data Input Controls Questionnaire
A-25 Data Processing Controls Questionnaire
A-26 Data Output Controls Questionnaire
A-27 Data Flow Control Diagram
A-28 Transaction Flow Control Diagram
A-29 Responsibility Vulnerability Worksheet
A-30 Transaction Vulnerability Worksheet
A-31 Application Control Test Plan
A-32 Designing the Control Test
A-33 Testing Controls
A-34 Evaluation of Tested Controls
A-35 Computer File Survey
A-36 Manual File Survey
A-37 Data Audit Objective Test
A-38 Test Tool Worksheet
A-39 File Integrity Program
A-40 File Integrity Proof Sheet
A-41 Structural Test Program
A-42 Functional Test Program
A-43 Data Test Program
A-44 Data Test Checklist
A-45 Test Results Review
A-46 Key Security Planning Questions
A-47 Partition of Applications
A-48 Security Requirements
A-49 Risk Analysis
A-50 Document Review Guide
A-51 Planning the Interviews
A-52 Interview Results
A-53 Security Requirements Evaluation
A-54 Methodology Review
A-55 Detailed Review of Security Safeguards
A-56 Security Certification Statement
A-57 Detailed Evaluation Report
A-58 Audit Finding Documentation
A-59 Analysis of Finding
A-60 Developing Recommendations
A-61 Effective Data Processing Control Practices
A-62 Audit Recommendation Worksheet
A-63 Report Objectives Worksheet
A-64 Audit-Report-Writing Program
A-65 Report Reasonableness Checklist
A-66 Report Readability Checklist
A-67 Exit Conference Program
A-68 Report Issuance and Follow-Up Program
A-69 Computer Application Audit Quality Control Checklist
A-70 Audit Performance Problem Worksheet (Blank)
A-71 Audit Performance Problem Worksheet
A-72 Audit Process Problem Cause Identification Worksheet
A-73 Audit Process Improvement Recommendation Worksheet
