IT Auditing: An Adaptive Process

Author: Robert E. Davis, MBA, CISA, CICA
Length: 148 page(s)
Written: Nov 2010
Sales Rank: - XinXii Sales Rank

Views: 247

Category: Business & Politics » Taxes & Auditing | Work: Guidebook
Keywords: Audit, Assurance Service, Audit Objectives, Audit Evidence, Audit Process, Audit Reporting, Control Environment, Information Systems, Information Technology, IS Audit, IT Audit, Planning and Organization, Study and Evaluation, Testing of Controls, Finding Form

“IT Auditing: An Adaptive Process” is a self-contained workbook.

The global Information Technology (IT) community considers becoming a Certified Information Systems Auditor (CISA) a major accomplishment. To obtain the CISA designation information systems auditors, controls, or security professionals must pass a rigorous test demonstrating knowledge in a multitude of information systems audit process areas. Information Systems Audit and Control Association (ISACA) standards and guidelines, audit risk, and audit objectives are just a few knowledge requirements CISA candidates must master.

Objectives

“IT Auditing: An Adaptive Process” provides a proven approach to IT audit planning, study, evaluation, testing, and reporting methods. Systemically, this book covers major steps in the IT audit process not chronicled in ISACA standards and guidelines. In terms of content, this workbook converts selected audit standards and guidelines into practical applications using detailed examples. This workbook also allows auditors to understand various steps and processes required to adequately initiate, document, and compile IT audit phases. Through this book, an auditor will acquire an appreciation for IT financial statement, government, and external auditing. Collectively, “IT Auditing: An Adaptive Process” can function as a study guide for CISA examination preparation as well as an audit reference manual.

Organization of Workbook

IT audit area mastery reflects professional experience and training. Regarding subject mastery, this book contains a detail preparation, documentation, and presentation process for IT audits; which can be translated, if practiced, into professional experience.

Chronologically, this book describes required audit steps performed during an audit area assignment.

Specifically, in Chapter 1, audit objectives, risk, and materiality from an IT auditor’s perspective are described, while simultaneously presenting other equivalent audit standards and guidelines. Furthermore, auditor opening conference communication is discussed at the chapter’s conclusion.

Chapter 2 continues the IT audit process by expanding discussion on legislative enactments effecting audit area study. This chapter also presents management’s control objective determination as well as studied controls evaluation. At the chapter’s end audit risk and testing reassessment is discussed.

Chapter 3 presents standard auditor testing for IT audit areas based on related control objectives. The types of audit testing are categorized and explained to demonstrate the testing diversity available to the IT auditor. This chapter concludes with a discussion concerning the evaluation of test results and the reassessment of audit area audit risk.

Lastly, Chapter 4 provides the steps required to report on an IT audit. A detailed examination of finding form analysis is discussed as well as draft report preparation. Furthermore, working paper documentation considerations are conveyed to assist in ensuring useful, sufficient, reliable, and relevant evidence. Initial audit report follow-up procedures are explained at the end of this chapter.
Each chapter contains a bibliography of material discussed within that chapter.

Throughout the workbook headings cross reference the bibliography such as 1.1.1 Audit Objectives3, 4, 5, 6 means that this specific section references items 3, 4, 5, and 6 of Chapter 1’s bibliography for supporting subject material.

Flag

Seller assumes all responsibility for this listing.

About the Author

Robert E. Davis, MBA, CISA, CICA | Author on XinXii.com

Robert E. Davis, MBA, CISA, CICA
Member since: Nov 2010
Publications on XinXii: 9

My social profiles on...

Robert E. Davis obtained a Bachelor of Business Administration degree in Accounting and Business Law and a Master of Business Administration degree in Management Information Systems from Temple and West Chester University; respectively. In addition, during his twenty years of involvement in education, Robert acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Robert also obtained the Certified Information Systems Auditor (CISA) certificate -- after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company and Fidelity/First Fidelity (Wachovia) corporations as well as other organizations; in staff through management positions. In particular to management information systems, some of his professional software and hardware experience includes: MVS, UNIX, Windows, Clarity, Oracle, the International Money Management System, MS-Project, PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.

Prior to engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA and general accounting services to Philadelphia National Bank (Wachovia). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material. Specifically, his published credits include:

•Assuring IT Legal Compliance

•Ensuring Information Assets Protection

•IT Auditing: An Adaptive Process

•IT Auditing: Assuring Information Assets Protection

•IT Auditing: Business Continuity and Disaster Recovery

•IT Auditing: Information Assets Protection

•IT Auditing: Information Security Governance

•IT Auditing: Irregular and Illegal Acts

•IT Auditing: IT Governance

•IT Auditing: IT Service Delivery and Support

•IT Auditing: Systems and Infrastructure Life Cycle Management

•IT Auditing: The Process

Robert has authored articles addressing IT issues for The Institute of Internal Auditors, IT Governance LTD and ISACA as well as reviewed Carnegie Mellon University's technical report "Comparing eSCM-SP v2 and COBIT".

In regards to training individuals in the information systems audit process, he has provided instruction to the Data Processing Management Association, ISACA-Philadelphia Chapter CISA Review Course participants, 3rd Annual Securasia Congress delegates and an Internet CISA study group.

Based on his accomplishments, Robert has been featured in Temple University's Fox School of Business and Management Alumni Newsletter as well as The Institute for Internal Controls e-newsletter. Furthermore, he is listed as a Madison Who's Who Registry of Executives and Professionals 2007-2008 “Member of the Year”, an IT Governance LTD expert panel member, a leading expert and specialist by The Compliance Authority as well as an International Association of IT Governance Standards honorary member.