ISBN: 3540221557
TITLE: Information Technology Auditing
AUTHOR: Pathak
TOC:

1 IT Auditing: An Overview and Approach 1
1.1 Evolution in Managements' Perceptions 1
1.2 Evolution in Information Processing Capabilities 2
1.3 Exposure to Loss 3
1.4 Objectives of IT Auditing 5
1.5 Internal Controls and IT Audit 5
1.5.1 Various Internal Controls 7
1.6 Growth and Genesis of IT Auditing 7
1.7 IT Audit Approach 9
1.7.1 Nature of IT Controls 9
1.7.2 Controls and Loss 11
1.7.3 Internal Controls and Auditing Approach 12
1.8 Steps in an IT Audit 12
1.9 Audit Decisions 15
2 Auditing and Complex Business Information Systems 21
2.1 Complex Integrated Accounting Systems 22
2.2 Distributed Data and its Effects on Organisations 24
2.2.1 Networks 25
2.2.2 Portability and Systems 31
2.2.3 Integration of Applications 32
2.3 Productivity Aspect of the Technology 32
2.4 Business Process Re-engineering 33
2.5 Intelligent Systems 34
2.6 Auditors and Changing Technology 36
2.7 Strategic Use of Technology and Audit Implications 37
2.8 Internal Controls and Auditing 40
3 Generation-X Technologies and IT Auditing 45
3.1 Generation-X Enterprise Technologies 46
3.2 Information Systems Integration: A Challenge 48
3.3 Assured Information Emanates from Assured Systems 51
3.4 Information Assurance: A Function of Strategic Importance 53
3.5 Various Information Assurance and Control Measures 56
3.5.1 Web-Level Assurance Measures 57
3.6 Control Objectives and System Assurance 58
3.6.1 British Standards: BS7799 and BS 7799-2:2002 60
3.6.2 System Security Engineering Capability Maturity Model: SSE-CMM 60
4 Complex Information Systems, Auditing Standards and IT Auditors 63
4.1 The Approach and Objectives 63
4.1.1 The Scenario 65
4.2 Impact of Technology Complexity on the Auditor 65
4.2.1 Complex Information Technologies and Audit Risks 67
4.2.2 SAS-94 and its Effect on the Audit Process 70
5 ERP and Information Integration Issues: Perspective for Auditors 75
5.1 What is Enterprise Resource Planning? 77
5.2 Implementation Cycle 79
5.3 Conceptual Models 80
5.3.1 Successes and Disasters 81
5.4 Types of Implementation 82
5.5 Social Integration 83
5.6 Resistance in Social Integration 84
5.7 Process Integration 84
5.7.1 Communications in Process Integration 85
5.7.2 Alignment of Culture in Process Integration 86
5.7.3 Knowledge Integration 86
5.7.4 Workflow Integration 89
5.7.5 Best Practices in Functional Integration 90
5.7.6 Virtual Integration 91
5.8 Auditor and ERP 92
5.8.1 ERP Internal Control Procedures 92
6 Technology, Auditing and Cyber-Commerce 95
6.1 Technology and Auditing 96
6.2 Risk Understanding in e-Commerce for IT Auditor 99
6.3 Information at Risk 101
6.4 Controls and Audit Evidences 105
7 IT Auditing and Security of Information Systems 107
7.1 Information Security 108
7.1.1 Computer Assets 109
7.2 Security Controls 110
7.3 Security Evaluation and Certification Criteria 112
7.3.1 Networks Security 113
7.3.2 OSI Architecture 115
7.3.3 Security Mechanisms 118
7.3.4 Integrity 120
7.3.5 Security Mechanisms Location 122
7.4 Future Trends 123
7.5 Exemplary Case Laws Related to Security Needs and Breaches in USA 124
7.5.1 Case Laws Related to Data Preservation 124
7.5.2 Case Laws Pertaining to the Scope of Discovery 125
7.5.3 Case Laws Related to the Records Management 131
7.5.4 Case Laws Pertaining to the Use of Experts 133
7.5.5 Case Laws Related to the Costs and Allocation 134
7.5.6 Case Laws Related to the Spoliation and Sanctions 136
7.5.7 Case Laws Pertaining to Inadvertent Disclosure 139
7.5.8 Case Laws Related to the Method of Litigation 140
7.5.9 Case Laws Related to Criminal Issues of Security 142
7.5.10 Case Laws Related to the Reliability 142
7.5.11 E-Sign Statute and Case Laws 143
7.5.12 Case Laws on Privacy 144
7.6 Kind of Audits Called Security Audits 145
7.6.1 Internet/Perimeter Audit 145
7.6.2 Website Audit 145
7.6.3 Penetration Audit (Ethical Hacking) 145
7.6.4 Wireless Audit 146
7.6.5 Network Audit 146
7.6.6 Security Policies and Procedures Audit 146
7.6.7 Facilities Audit (Physical) 146
7.6.8 Business Continuity Plan (BCP) and Disaster Recovery (DR) 147
7.6.9 Regulatory Compliance Audits 147
7.7 How Can Security Audit Help the Enterprises? 148
7.7.1 Protecting the Physical Safety of Your Employees, Vendors, and Visitors 148
8 Information Technology Governance and COBIT 151
8.1 Why Do we Need IT Governance? 152
8.2 Introduction to COBIT 153
8.2.1 COBIT and the Reality 154
9 Database Management Systems and Auditing 157
9.1 Concepts of Database Technology for Auditors 157
9.1.1 Data Independence 158
9.1.2 Database Management Systems and its Functions 158
9.1.3 Relational Database Management Systems (RDBMS) 162
9.1.4 Database Security 167
9.1.5 Distributed Database Systems 174
9.1.6 Object Data Management Systems 175
9.1.7 Relation and Object: A Comparison 175
9.1.8 Data Warehouses 177
9.2 Operational Systems Compared to Informational Systems 178
10 EAI: Auditors Should Know Potential Risks to Enterprise 181
10.1 The Promise of EAI 184
10.2 Improvement in Productivity 184
10.2.1 Data Flow Streamlined 185
10.3 EAI Reaches Beyond Your Borders 185
10.3.1 Lowered Costs 186
Bibliography and Further References 189
Glossary of IT Auditing Terms 209
