Objectives
More and more, auditors are being called upon to assess the risks and evaluate
the controls over computer information systems in all types of organizations.
However, many auditors are unfamiliar with the techniques they need to know to
efficiently and effectively determine whether information systems are adequately
protected. Auditor's Guide to Information Systems Auditing presents an easy,
practical guide for auditors that can be applied to all computing environments.
Course Outline
1. IIA Standards
2. Code of Ethics
3. Advisory
4. Aids
5. Standards for the Professional Performance of Internal Auditing
6. ISACA Standards
7. ISACA Code of Ethics
8. COSO: Internal Control Standards
9. BS 7799 and ISO 17799: IT Security
10. NIST
11. BSI Baselines
1. Internal Controls
2. Cost/Benefit Considerations
3. Internal Control Objectives
4. Types of Internal Controls
5. Systems of Internal Control
6. Elements of Internal Control
7. Manual and Automated Systems
8. Control Procedures
9. Application Controls
10. Control Objectives and Risks
11. General Control Objectives
12. Data and Transactions Objectives
13. Program Control Objectives
14. Corporate IT Governance
1. Nature of Risk
2. Auditing in General
3. Elements of Risk Analysis
4. Defining the Audit Universe
5. Computer System Threats
6. Risk Management
1. Planning
2. Audit Mission
3. IS Audit Mission
4. Organization of the Function
5. Staffing
6. IS Audit as a Support Function
7. Planning
8. Business Information Systems
9. Integrated IS Auditor vs Integrated IS Audit
10. Auditees as Part of the Audit Team
11. Application Audit Tools
12. Advanced Systems
13. Specialist Auditor
14. IS Audit Quality Assurance
1. Audit Evidence
2. Audit Evidence Procedures
3. Criteria for Success
4. Statistical Sampling
5. Why Sample?
6. Judgmental (or Non-Statistical) Sampling
7. Statistical Approach
8. Sampling Risk
9. Assessing Sampling Risk
10. Planning a Sampling Application
11. Calculating Sample Size
12. Quantitative Methods
13. Project Scheduling Techniques
14. Simulations
15. Computer Assisted Audit Solutions
16. Generalized Audit Software
17. Application and Industry-Related Audit Software
18. Customized Audit Software
19. Information Retrieval Software
20. Utilities
21. On-Line Inquiry
22. Conventional Programming Languages
23. Microcomputer-Based Software
24. Test Transaction Techniques
1. Audit Reporting
2. Interim Reporting
3. Closing Conferences
4. Written Reports
5. Clear Writing Techniques
6. Preparing to Write
7. Basic Audit Report
8. Executive Summary
9. Detailed Findings
10. Polishing the Report
11. Distributing the Report
12. Follow-Up Reporting
13. Types of Follow-Up Action
CHAPTER 11 – Management
1. IS Infrastructures
2. Project-Based Functions
3. Quality Control
4. Operations and Production
5. Technical Services
6. Performance Measurement and Reporting
7. Measurement Implementation
1. Privacy
2. Copyrights, Trademarks, and Patents
3. Ethical Issues
4. Corporate Codes of Conduct
5. IT Governance
6. Sarbanes-Oxley Act
7. Housekeeping
1. General Frameworks
2. COSO: Internal Control Standards
3. Other Standards
1. Change Control
2. Problem Management
3. Auditing Change Control
4. Operational Reviews
5. Performance Measurement
6. ISO 9000 Reviews
1. Stakeholders
2. Operations
3. Systems Development
4. Technical Support
5. Other System Users
6. Segregation of Duties
7. Personnel Practices
8. Object-Oriented Systems Analysis
9. Enterprise Resource Planning
1. Programming Computers
2. Program Conversions
3. System Failures
4. Systems Development Exposures
5. Systems Development Controls
6. Systems Development Life Cycle Control: Control Objectives
7. Micro-Based Systems
1. Impact
2. Continuous Monitoring
3. Business Process Outsourcing
4. E-Business
1. Developing a System
2. Change Control
3. Why Do Systems Fail?
4. Auditor's Role in Software Development
1. Control Mechanisms
2. Implementing the Controls
1. Risk Reassessment
2. Disaster—Before and After
3. Consequences of Disruption
4. Where to Start
5. Testing the Plan
6. Auditing the Plan
CHAPTER 31 – Insurance
1. Self-Insurance
1. History
2. Security and Control in a UNIX/Linux System
3. Architecture
4. UNIX Security
5. Services
6. Daemons
7. Auditing UNIX
8. Scrutiny of Logs
9. Audit Tools in the Public Domain
10. UNIX passwd File
11. Auditing UNIX Passwords
1. History
2. NT and Its Derivatives
3. Auditing Windows 23
4. Password Protection
5. File Sharing
6. Security Checklist
1. Pre-Incident Preparation
2. Detection of Incidents
3. Initial Response
4. Forensic Backups
5. Investigation
6. Network Monitoring
7. Identity Theft