Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

Transcription

1 Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Importance of Effective Internal Controls and COSO COSO Internal Control Systems Monitoring Guidance Sarbanes-Oxley Act Wrapping It Up: COSO Internal Controls and Sox Using CobiT to Perform IT Audits Introduction to CobiT CobiT Framework Using CobiT to Assess Internal Controls Using CobiT in a SOx Environment CobiT Assurance Framework Guidance CobiT in Perspective IIA and ISACA Standards for the Professional Practice of Internal Auditing Internal Auditing's International Professional Practice Standards Content of the IPPF and the IIA International Standards Strongly Recommended IIA Standards Guidance ISACA IT Auditing Standards Overview Codes of Ethics: The IIA and ISACA Understanding Risk Management Through COSO ERM Risk Management Fundamentals Quantitative Risk Analysis Techniques IIA and ISACA Risk Management Internal Audit Guidance COSO ERM: Enterprise Risk Management IT Audit Risk and COSO ERM Performing Effective IT Audits IT Audit and the Enterprise Internal Audit Function Organizing and Planning IT Audits Developing and Preparing Audit Programs Gathering Audit Evidence and Testing Results Workpapers and Reporting IT Audit Results Preparing Effective IT Audits Auditing IT General Controls General Controls in Today's IT Environments

2 Importance of IT General Controls IT Governance General Controls IT Management General Controls IT Technical Environment General Controls Infrastructure Controls and ITIL Service Management Best Practices ITIL Service Management Best Practices ITIL's Service Strategies Component ITIL Service Design ITIL Service Transition Management Processes ITIL Service Operation Processes Service Delivery Best Practices Auditing IT Infrastructure Management Systems Software and IT Operations General Controls IT Operating System Fundamentals Features of a Computer Operating System Other Systems Software Tools Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization Understanding and Auditing IT Wireless Networks Understanding Cloud Computing Storage Management Virtualization Auditing and Testing IT Application Controls Selecting, Testing, and Auditing IT Applications IT Application Control Elements Selecting Applications for IT Audit Reviews Performing an Applications Controls Reviews: Preliminary Steps Completing the IT Applications Controls Audit Application Review Case Study: Client-Server Budgeting System Auditing Applications Under Development Importance of Reviewing IT Applicatio Controls Software Engineering and CMMi Software Engineering Concepts CMMi: Capability Maturity Model for Integration CMMi Benefits IT Audit, Internal Control, and CMMi Auditing Service-Oriented Architectures and Record Management Processes

3 Service-Oriented Computing and Service-Driven Applications IT Auditing in SOA Environments Electronic Records Management Internal Control Issues and Risks IT Audits of Electronic Records Management Processes Computer-Assisted Audit Tools and Techniques Understanding Computer-Assisted Audit Tools and Techniques Determining the Need for CAATTs CAATT Software Tools Steps to Building Effective CAATTs Importance of CAATTs for Audit Evidence Gathering Continuous Assurance Auditing, OLAP and XBRL Implementing Continuous Assurance Auditing Benefits of Continuous Assurance Auditing Tools Data Warehouses, Data Mining, and OLAP XBRL: The Internet-Based Extensible Marking Language Newer Technologies, the Continuous Close, and IT audit Importance of IT Governance IT Controls and the Audit Committee Role of the Audit Committee for IT Auditors Audit Committee Approval of Internal Audit Plans and Budgets Audit Committee Briefings on IT Audit Issues Audit Committee Review and Action on Significant IT Audit Findings IT Audit and the Audit Committee Val IT, Portfolio Management, and Project Management Val IT: Enhancing the Value of IT Investments IT Systems Portfolio and Program Management Project Management for IT Auditors Compliance with IT-Related Laws and Regulations Computer Fraud and Abuse Act Computer Security Act of 1987 Gramm - Leach - Bliley Act HIPAA: Healthcare and Much More Other Personal Privacy and Security Legislative Requirements IT-Related Laws, Regulations, and Audit Standards Understanding and Reviewing Compliance with ISO Standards Background and Importance of ISO Standards in a Global Commerce World ISO Standards Overview

4 ISO Quality Management Systems Auditing ISO Standards and IT Auditors IT Security Environment CONTROLS Generally Accepted Security Standards Effective IT Perimeter Security Establishing an Effective, Enterprise-Wide Security Strategy Best Practices for It Audit and Security Cyber-Security and Privacy Controls IT Network Security Fundamentals IT Systems Privacy Concerns PCI-DSS Fundamentals Auditing IT Security and Privacy Security and Privacy in the IT Audit Department IT Fraud Detection and Prevention Understanding and Recognizing Fraud in an IT Environment Red Flags: Fraud Detection Signs for IT and other Internal Auditors Public Accounting's Role in Fraud Detection IIA Standards and ISACA Materials for Detecting and Investigating Fraud IT Audit Fraud Risk Assessments IT Audit Fraud Investigations IT Fraud Prevention Processes Fraud Detection and the IT Auditor Identity and Access Management Importance of Identity and Access Management Identity Management Processes Separation of Duties Identify Management Controls Access Management Provisioning Authentication and Authorization Auditing Identity and Access Management Processes Establishing Effective IT Disaster Recovery Processes IT Disaster and Business Continuity Planning Today Building and Auditing an IT Disaster Recovery Plan Building the IT Disaster Recovery Plan Disaster Recovery Planning and Service Level Agreements Newer Disaster Recovery Plan Technologies: Data Mirroring Techniques Auditing Business Continuity Plans

5 Disaster Recovery and Business Continuity Planning Going Forward Electronic Archiving and Data Retention Elements of a Successful Electronic Records Management Process Electronic Documentation Standards Implementing Electronic IT Data Archiving Auditing Electronic Document Retention and Archival Processes Business Continuity Management and BS IT Business Continuity Management Planning Needs Today BS Good Practice Guidelines Auditing BCM Processes Linking the BCM with Other Standards and Processes Auditing Telecommunications and IT Communications Networks Network Security Concepts Effective IT Network Security Controls Auditing a VPN Installation Change and Patch Management Controls IT Change Management Processes Auditing IT Change and Patch Management Controls Six Sigma and Lean Technologies Six Sigma Background and Concepts Implementing Six Sigma Lean Six Sigma Building an Effective IT Internal Audit Function Establishing an IT Internal Audit Function Internal Audit Charter: An Important IT Audit Authorization Role of the Chief Audit Executive IT Audit Specialists IT Audit Managers and Supervisors Internal and IT Audit Policies and Procedures Organizing an Effective IT Audit Function Importance of a Strong IT Audit Function Professional Certifications: CISA, CIA, and More Certified Information Systems Auditor Credentials Certified Information Security Manager Credentials

6 Certificate in the Governance of Enterprise IT Certified Internal Auditor Responsibilities and Requirements Beyond the CIA: Other IIA Certifications CISSP Information Systems Security Professional Certification Certified Fraud Examiner Certification.. ASQ Internal Audit Certifications Other Internal Auditor Certifications Quality Assurance Auditing and ASQ Standards Duties and Responsibilities of Quality Auditors Role of the Quality Auditor Performing ASQ Quality Audits Quality Assurance Reviews of IT Audit Functions Future Directions for Quality Assurance Auditing About the Author Index Table of Contents provided by Blackwell's Book Services and R.R. Bowker. Used with permission.