Understanding and Conducting Information Systems Auditing + Website
Format: PDF / Kindle (mobi) / ePub
A comprehensive guide to understanding and auditing modern information systems
The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.
Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. It also introduces the concept of information security grading to help readers implement practical changes and solutions in their organizations.
- Includes everything needed to perform information systems audits
- Organized into two sections—the first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits
- Features examples designed to appeal to a global audience
Taking a non-technical approach that makes it accessible to readers of all backgrounds, Understanding and Conducting Information Systems Auditing is an essential resource for anyone auditing information systems.
- Programming and Technical Skill Sets: Costs of manpower appropriate for the existing technology exceed the cost to replace existing technology.
- Licensing Costs: License cost of the existing technology exceeds the cost to replace it with later technology.
- Performance Levels: Existing equipment performs suboptimally and costs of upgrading exceed the cost of replacement.
- Technical Functionality: The best performance achievable by existing technology will need additional investment and replacement
- System boot and shut-down time.
- System errors reported and corrective actions taken.
- Audit trail to establish correct handling of data files and computer outputs.
- Identity of person making the log entry, in case the log is maintained manually.

CONTROL ISSUES DURING INSTALLATION AND MAINTENANCE

One of the activities that exposes an information system to severe compromise is installation and maintenance. The information systems auditor must be familiar with software procurement and
10-K of Kraft Foods Inc.;

2. Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;

3. Based on my knowledge, the financial statements, and other financial information included in
risk. Once an understanding of inherent business risk and control risk is achieved, a risk matrix can be designed. This risk matrix is used to decide on the type of audit process to be carried out, including test checks, walkthroughs, and compliance testing. The intensity of these processes will range from minimal to high depending on the risk classification in the risk matrix. The auditors then decide on the nature, timing, and extent of substantive tests to be carried out. The framework of
and systems. The basis of prioritization is sensitivity of attainment of business objectives to availability of resources.

iii. Confirm whether the plan specifies reasonable recovery time objectives for recovery and availability of the critical system.

iv. Ensure that the business resumption plan considers urgent resumption of telecommunications and network facilities while maintaining the security requirement.

v. Confirm existence of a testing schedule and whether the schedule is adequate in