
Information technology control and audit PDF

511 Pages·2019·10.078 MB·English
by Angel R. Otero

Preview Information technology control and audit

Information Technology Control and Audit
Fifth Edition
Angel R. Otero

CRC Press, Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742

© 2019 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group
No claim to original U.S. Government works
Printed on acid-free paper
International Standard Book Number-13: 978-1-4987-5228-2 (Hardback)

This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that have been granted a photocopy license by the CCC, a separate system of payment has been arranged.

Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.

Visit the Taylor & Francis Web site at http://www.taylorandfrancis.com and the CRC Press Web site at https://www.crcpress.com

I dedicate this book to my wife, Ghia, my daughter Elizabeth, and my sons, Leonardo and Giancarlo. I also dedicate this book to my parents, Angel and Lydia, and my brothers, Luis Daniel and Carlos.

Contents

Preface xvii
Acknowledgments xxiii
Author xxv

SECTION I FOUNDATION FOR IT AUDIT

1 Information Technology Environment and IT Audit 3
IT Environment 3
Enterprise Resource Planning (ERP) 4
Cloud Computing 5
Mobile Device Management (MDM) 6
Other Technology Systems Impacting the IT Environment 6
IT Environment as Part of the Organization Strategy 7
The Auditing Profession 7
Financial Auditing 9
Internal versus External Audit Functions 10
Internal Audit Function 10
External Audit Function 11
What Is IT Auditing? 11
IT Auditing Trends 13
Information Assurance 15
Need for IT Audit 16
IT Governance 18
Role of the IT Auditor 19
IT Auditor as Counselor 19
IT Auditor as Partner of Senior Management 20
IT Auditor as Investigator 20
IT Audit: The Profession 21
A Common Body of Knowledge 21
Certification 22
Continuing Education 22
Professional Associations and Ethical Standards 23
Educational Curricula 24
IT Auditor Profile: Experience and Skills 25
Career Opportunities 26
Public Accounting Firms 26
Private Industry 26
Management Consulting Firms 26
Government 27
Conclusion 27
Review Questions 28
Exercises 28
Further Reading 29

2 Legislation Relevant to Information Technology 31
IT Crimes and Cyberattacks 31
Federal Financial Integrity Legislation—Sarbanes–Oxley Act of 2002 35
PCAOB 36
Auditor Independence Rules and Corporate Governance Standards 37
Increasing Criminal Penalties for Violations of Securities Laws 38
Federal Security Legislation 38
Computer Fraud and Abuse Act of 1984 39
Computer Security Act of 1987 39
Homeland Security Act of 2002 40
Payment Card Industry Data Security Standards of 2004 41
Federal Information Security Management Act of 2002 41
Electronic Signature Laws—Uniform Electronic Transactions Act of 1999 and Electronic Signatures in Global and National Commerce Act of 2000 42
Privacy Legislation 42
Privacy Act of 1974 43
Electronic Communications Privacy Act of 1986 43
Communications Decency Act of 1996 44
Children’s Online Privacy Protection Act of 1998 44
Health Insurance Portability and Accountability Act of 1996 44
The Health Information Technology for Economic and Clinical Health of 2009 45
Gramm–Leach–Bliley Act of 1999 46
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT Act) of 2001 46
State Laws 47
International Privacy Laws 52
Conclusion 55
Review Questions 55
Exercises 56
Further Reading 56

3 The IT Audit Process 59
Audit Universe 59
COBIT 60
Risk Assessment 63
Audit Plan 64
Objectives and Context 68
IT Audits Conducted to Support Financial Statement Audits 69
Audit Schedule 70
Audit Budget and Scoping 70
Audit Team, Tasks, and Deadlines 70
Audit Process 78
Preliminary Review 78
General Information about IT Environment 79
Design Audit Procedures 80
Identifying Financial Applications 80
Test Controls 81
Substantive Testing 83
Document Results 85
Audit Findings 85
Conclusions and Recommendations 86
Communication 86
Other Types of IT Audits 91
Enterprise Architecture 91
Computerized Systems and Applications 92
Information Processing Facilities 92
Systems Development 92
Business Continuity Planning/Disaster Recovery Planning 92
Conclusion 93
Review Questions 93
Exercises 93
Further Reading 95

4 Tools and Techniques Used in Auditing IT 97
Audit Productivity Tools 98
Audit Planning and Tracking 98
Documentation and Presentations 99
Communication 99
Data Management, Electronic Working Papers, and Groupware 99
Resource Management 101
System Documentation Techniques to Understand Application Systems 101
Flowcharting as an Audit Analysis Tool 103
Understanding How Applications Process Data 104
Identifying Documents and Their Flow through the System 104
Defining Data Elements 106
Developing Flowchart Diagrams 106
Evaluating the Quality of System Documentation 106
Assessing Controls over Documents 106
Determining the Effectiveness of Data Processing 107
Evaluating the Accuracy, Completeness, and Usefulness of Reports 107
Appropriateness of Flowcharting Techniques 107
Computer-Assisted Audit Techniques (CAATs) 109
Items of Audit Interest 110
Audit Mathematics 110
Data Analysis 110
