Veena Hingarh - Understanding and Conducting Information Systems Auditing + Website

Contents

Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers professional and personal knowledge and understanding.

The Wiley Corporate F&A series provides information, tools, and insights to corporate professionals responsible for issues affecting the profitability of their company, from accounting and finance to internal controls and performance management.

Cover Image: Olena Timashova/iStockphoto

Cover Design: John Wiley & Sons, Inc.

Copyright 2013 by John Wiley & Sons Singapore Pte. Ltd.

Published by John Wiley & Sons Singapore Pte. Ltd.

1 Fusionopolis Walk, #07-01, Solaris South Tower, Singapore 138628

All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as expressly permitted by law, without either the prior written permission of the Publisher, or authorization through payment of the appropriate photocopy fee to the Copyright Clearance Center. Requests for permission should be addressed to the Publisher, John Wiley & Sons Singapore Pte. Ltd., 1 Fusionopolis Walk, #07-01, Solaris South Tower, Singapore 138628, tel: 65-6643-8000, fax: 65-6643-8008, e-mail: .

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Other Wiley Editorial Offices

John Wiley & Sons, 111 River Street, Hoboken, NJ 07030, USA

John Wiley & Sons, The Atrium, Southern Gate, Chichester, West Sussex, P019 8SQ, United Kingdom

John Wiley & Sons (Canada) Ltd., 5353 Dundas Street West, Suite 400, Toronto, Ontario, M9B 6HB, Canada

John Wiley & Sons Australia Ltd., 42 McDougall Street, Milton, Queensland 4064, Australia

Wiley-VCH, Boschstrasse 12, D-69469 Weinheim, Germany

Library of Congress Cataloging-in-Publication Data

ISBN 978-1-118-34374-6 (Hardcover)

ISBN 978-1-118-34375-3 (ePDF)

ISBN 978-1-118-34376-0 (Mobi)

ISBN 978-1-118-34377-7 (ePub)

Families that bind the world

Preface

THIS BOOK FOCUSES ON an information systems audit as a management control and not a technology-driven subject. Complete with resources to understand the subject, definitions of technical terms, ready checklists to conduct an information systems audit, and multiple-choice questions to review the level of understanding, the book is designed to be an indispensable resource for the information systems practitioner and aspirant alike. Readers will find enough resources for their audit needs, examination needs, and even continuing professional education requirements.

Increased dependence on information systems assets for performing critical functions of an organization has strengthened the need for using information systems audits as a control to ensure confidentiality, integrity, and availability of information systems resources. Major problems that an information systems auditor faces include apparent technology bias of the subject, lack of a standardized audit approach, and lack of availability of standardized checklists. In this book, we have attempted to address these problems by approaching the subject from the viewpoint of management control, providing readers with requisite knowledge resources, and making available an audit tool in the form of checklists.

Our approach to an information systems audit is essentially nontechnical in nature. We firmly believe that an information systems audit is a managerial control tool and use of technology is subordinate to it. We hold that attempts to consider an information systems audit as a technical control would make it an esoteric subject and be counterproductive in the long run. Technical tools are most useful for specific applications within the domains of an information systems audit, but may not be the primary focus. The primary focus should be to establish a framework of management control, and technology could be used wherever necessary to implement the control. An information systems auditor is free to seek the help of a technology specialist to examine specific controls, whenever such a need arises. The scope of the audit will determine the extent of use of technology-driven tools. For example, an audit of network security or website penetration testing definitely requires technical competence and appropriate tools. It must be clarified that we are not underestimating the importance and convenience of technology; we are merely assigning a specific role for it within the domain of an information systems audit.

The book is divided over two partsPart One focuses on the knowledge that all information systems auditors must have to be able to effectively conduct an information systems audit. This part will act as reference material for the aspiring information systems auditors who are preparing for a certifying examination. There are 10 chapters in this part, progressively building up the competence of conducting a real-life information systems audit. The chapters in Part One are the following: