| Control and audit of information systems are becoming increasingly important due to the competitive impact of information technology. In fact, Information Systems are critical for the general functioning of our society and information is confirmed as the organization's most valuable asset. Another important aspect to be taken into account is the amount of resources expended by information technology departments. The continuously increasing budgets of these departments preoccupy executive managers who generally cannot even understand what money is being spent on. |
| In fact, until the 1980s, some organizations considered it possible to audit computers without specialized technical knowledge ("auditing around the computer"). But nowadays, after various resounding cases of fraud, a new speciality inside auditing is becoming necessary in order to control the correct, efficient and effective operation of computerized information systems, that is, "auditing of the computer". |
| Information Systems (and the technology that supports them) must be audited in order to improve their benefits and allow organizations to manage the risks attached to them. |
| The main objective of this book is to give a global vision of information systems audit and control, exposing the main techniques and methods, and analyzing several aspects (legislative, deontological, etc) related to IT audit and control. This book also provides guidelines to audit some critical areas of IT (security, maintenance, datawarehouses, etc.) The chapters in this book are intended to be useful to a wide audience: IS/IT managers, IT auditors, executives, CIOs, internal auditors, consultants, management accountants, EDP professionals, information security specialists, and also students, as IS Audit has been recently introduced in different universities as a subject. |
|
