Understanding and Conducting Information Systems Auditing + Website [NOOK Book]

Overview

A comprehensive guide to understanding and auditing modern information systems

The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing...

See more details below
Understanding and Conducting Information Systems Auditing + Website

Available on NOOK devices and apps  
  • NOOK Devices
  • NOOK HD/HD+ Tablet
  • NOOK
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK Study
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$54.49
BN.com price
(Save 42%)$95.00 List Price
Note: This NOOK Book can be purchased in bulk. Please email us for more information.

Overview

A comprehensive guide to understanding and auditing modern information systems

The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.

Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. In addition, it also introduces the concept of information security grading, to help readers to implement practical changes and solutions in their organizations.

  • Includes everything needed to perform information systems audits
  • Organized into two sections—the first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits
  • Features examples designed to appeal to a global audience

Taking a non-technical approach that makes it accessible to readers of all backgrounds, Understanding and Conducting Information Systems Auditing is an essential resource for anyone auditing information systems.

Read More Show Less

Product Details

  • ISBN-13: 9781118343753
  • Publisher: Wiley, John & Sons, Incorporated
  • Publication date: 1/30/2013
  • Series: Wiley Corporate F&A
  • Sold by: Barnes & Noble
  • Format: eBook
  • Edition number: 1
  • Pages: 304
  • File size: 16 MB
  • Note: This product may take a few minutes to download.

Meet the Author

VEENA HINGARH is Joint Director of the South Asian Management Technologies Foundation, a center for research, training, and application in the areas of finance and risk management, which provides training in areas including IS auditing, enterprise risk management, and risk modeling. Winner of numerous merit-based awards during her career, Hingarh's major areas of focus are IFRS and IS. She speaks frequently at conferences and platforms throughout Asia and the Middle East. Hingarh is a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI), Certified Company Secretary of the Institute of Company Secretaries of India (ICSI), and Certified Information System Auditor (CISA) from ISACA (USA).

ARIF AHMED is a professor at and Director of the South Asian Management Technologies Foundation as well as a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI). He is an Information Security Management System Lead Auditor for the British Standards Institution. Ahmed's areas of focus are finance and risk management, and he has over two decades of postqualification experience in training and strategic consulting. He has been interviewed and quoted throughout the media and has spoken at various seminars and institutions, including the Institute of Chartered Accountants of India, XLRI, and the Institute of Company Secretaries of India.

Read More Show Less

Table of Contents

Preface xi

Acknowledgments xv

PART ONE: CONDUCTING AN INFORMATION SYSTEMS AUDIT 1

Chapter 1: Overview of Systems Audit 3

Information Systems Audit 3

Information Systems Auditor 4

Legal Requirements of an Information Systems Audit 4

Systems Environment and Information Systems Audit 7

Information System Assets 8

Classification of Controls 9

The Impact of Computers on Information 12

The Impact of Computers on Auditing 14

Information Systems Audit Coverage 15

Chapter 2: Hardware Security Issues 17

Hardware Security Objective 17

Peripheral Devices and Storage Media 22

Client-Server Architecture 23

Authentication Devices 24

Hardware Acquisition 24

Hardware Maintenance 26

Management of Obsolescence 27

Disposal of Equipment 28

Problem Management 29

Change Management 30

Network and Communication Issues 31

Chapter 3: Software Security Issues 41

Overview of Types of Software 41

Elements of Software Security 47

Control Issues during Installation and Maintenance 53

Licensing Issues 55

Problem and Change Management 56

Chapter 4: Information Systems Audit Requirements 59

Risk Analysis 59

Threats, Vulnerability, Exposure, Likelihood, and Attack 61

Information Systems Control Objectives 61

Information Systems Audit Objectives 62

System Effectiveness and Effi ciency 63

Information Systems Abuse 63

Asset Safeguarding Objective and Process 64

Evidence Collection and Evaluation 65

Logs and Audit Trails as Evidence 67

Chapter 5: Conducting an Information Systems Audit 71

Audit Program 71

Audit Plan 72

Audit Procedures and Approaches 75

System Understanding and Review 77

Compliance Reviews and Tests 77

Substantive Reviews and Tests 80

Audit Tools and Techniques 81

Sampling Techniques 84

Audit Questionnaire 85

Audit Documentation 86

Audit Report 87

Auditing Approaches 89

Sample Audit Work-Planning Memo 91

Sample Audit Work Process Flow 93

Chapter 6: Risk-Based Systems Audit 101

Conducting a Risk-Based Information Systems Audit 101

Risk Assessment 104

Risk Matrix 105

Risk and Audit Sample Determination 107

Audit Risk Assessment 109

Risk Management Strategy 112

Chapter 7: Business Continuity and Disaster Recovery Plan 115

Business Continuity and Disaster Recovery Process 115

Business Impact Analysis 116

Incident Response Plan 118

Disaster Recovery Plan 119

Types of Disaster Recovery Plans 120

Emergency Preparedness Audit Checklist 121

Business Continuity Strategies 122

Business Resumption Plan Audit Checklist 123

Recovery Procedures Testing Checklist 126

Plan Maintenance Checklist 126

Vital Records Retention Checklist 127

Forms and Documents 128

Chapter 8: Auditing in the E-Commerce Environment 147

Introduction 147

Objectives of an Information Systems Audit in the E-Commerce Environment 148

General Overview 149

Auditing E-Commerce Functions 150

E-Commerce Policies and Procedures Review 155

Impact of E-Commerce on Internal Control 155

Chapter 9: Security Testing 159

Cybersecurity 159

Cybercrimes 160

What Is Vulnerable to Attack? 162

How Cyberattacks Occur 162

What Is Vulnerability Analysis? 165

Cyberforensics 168

Digital Evidence 170

Chapter 10: Case Study: Conducting an Information Systems Audit 173

Important Security Issues in Banks 174

Implementing an Information Systems Audit at a Bank Branch 180

Special Considerations in a Core Banking System 185

PART TWO: INFORMATION SYSTEMS AUDITING CHECKLISTS 197

Chapter 11: ISecGrade Auditing Framework 199

Introduction 199

Licensing and Limitations 200

Methodology 200

Domains 200

Grading Structure 202

Selection of Checklist 203

Format of Audit Report 206

Using the Audit Report Format 207

Chapter 12: ISecGrade Checklists 209

Checklist Structure 209

Information Systems Audit Checklists 210

Chapter 13: Session Quiz 281

Chapter 1: Overview of Systems Audit 281

Chapter 2: Hardware Security Issues 284

Chapter 3: Software Security Issues 286

Chapter 4: Information Systems Audit Requirements 288

Chapter 5: Conducting an Information Systems Audit 290

Chapter 6: Risk-Based Systems Audit 293

Chapter 7: Business Continuity and Disaster Recovery Plan 294

Chapter 8: Auditing in an E-Commerce Environment 296

Chapter 9: Security Testing 297

About the Authors 299

About the Website 301

Index 303

Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)