CRC Press

A Standard for Auditing Computer Applications

Table of Contents

PART I OVERVIEW OF INTEGRATED AUDITING AUTOMATED APPLICATION REVIEW OVERVIEW WHAT INTEGRATED APPLICATION SYSTEMS ARE Proper Operation of the IT Department Developing Automated Applications Critical Information Technology Controls
REVIEWING APPLICATION SYSTEMS The Audit Structure The Internal Auditors The Audit Manual Managing the Individual IT Audit IT Audit Procedures Application Development and Testing Documenting and Reporting Audit Work External Auditors ASSESSING IT AUDIT CAPABILITIES Who Should Perform the Self-Assessment? Conducting the Self-Assessment
Analysis and Reporting of Results PART II. DEVELOPING THE IT AUDIT PLAN OVERVIEW OF COMPUTER APPLICATIONS AUDIT PLANNING STANDARDS AND PROCESSES
IT AUDIT PLANNING Overview of Standards for IT Audit Planning
STRATEGIC IT AUDIT PLANNING THE ANNUAL IT AUDIT PLANNING PROCESS
Step 1: Identify All Potential Reviews Step 2: Evaluate and Prioritize Possible Reviews Step 3: Setting Preliminary Scopes Step 4: Select and Schedule IT Audits Step 5: Merger Audit Plans SPECIFIC AUDIT PLANNING
Step 1: Assign An Auditor-in-Charge Step 2: Perform Application Fact Gathering Step 3: Analyze Application Audit Risk Step 4: Develop and Rank Measurable Audit Objectives Step 5: Develop Administrative Plan
Step 6: Write Audit Program PART III. ASSESSING GENERAL IT CONTROLS INFORMATION SYSTEMS ADMINISTRATION Strategic Planning
Tactical Planning Information Technology Standard Setting PHYSICAL ACCESS SECURITY The Data Center Door Locks Windows Data Center Floor Alarm System Fire Suppression Systems The Detection of and Response to Unauthorized Activity LOGICAL ACCESS SECURITY User Identification End User Log-In Considerations SYSTEMS DEVELOPMENT PROCESS General Objectives Specific Objectives BACKUP AND RECOVERY
Approaches to Making Backups Media Utilized to Make Backups Recovery Issues AUDITING THE MAINFRAME Planning the Audit Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization AUDITING THE MIDRANGE COMPUTER Planning the Audit
Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization AUDITING THE NETWORK Planning the Audit
Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization PART IV. PERFORMING A COMPLETE EVALUATION PERFORMING A BASIC EVALUATION PERFORMING A COMPLETE EVALUATION
General Control Objectives Participants in the Systems Development Life Cycle INITIATION PHASE REVIEW Overview Initiation Phase Deliverables
Auditing the Initiation Phase Setting the Scope for the SDLC Audit
Customizing the Audit Objectives Detailed Audit Testing Audit Results and Reporting THE REQUIREMENTS DEFINITION PHASE REVIEW Overview
Deliverables in the Requirements Definition Phase The Initial Audit Evaluation Adjusting Audit Objectives Detailed Audit Testing Audit Results and Reporting Confirming The Audit Strategy APPLICATION DEVELOPMENT PHASE Programming Phase Overview Programming Phase Deliverables The Initial Audit Assessment Conducting Interviews
Setting The Audit Objectives Detailed Audit Testing The Audit Test
Audit Results and Reporting Evaluating The Audit Strategy THE EVALUATION AND ACCEPTANCE PHASE Overview Initial Assessment of The Acceptance Phase Gathering and Verifying Information on The Phase Status
Setting Objectives for the Audit Evaluation and Acceptance Phase Considerations Detailed Audit Testing Audit Results and Reporting
Evaluating Audit Results and Plans PART V ASSESSING IMPLEMENTED SYSTEMS INITIAL REVIEW PROCEDURES Initial Review Procedures Review Existing Audit Files The Planning Meeting AUDIT EVIDENCE Initial Workpapers IDENTIFY APPLICATION RISKS The Meaning of Risk Stand Alone Risk Relative Risk Ensuring Success Identifying Application Risks Overcoming Obstacles to Success Assigning Materiality
Computing a Risk Score DEVELOP A DETAILED PLAN Writing Measurable Audit Objectives Verifying the Completeness of Measurable Audit Objectives
EVALUATE INTERNAL CONTROLS Document Segregation of Responsibilities
Conduct an Internal Control Review Develop Internal Control Diagrams
Test Internal Controls Evaluate Internal Control Effectiveness TEST DATA INTEGRITY Conduct a Data File Survey Create Data Test Plan
Develop Test Tools Verify File Integrity Evaluate the Correctness of the Test Process Conduct Data Test Review Data Test Results CERTIFY COMPUTER SECURITY Collect Data Conduct Basic Evaluation Conduct Detailed Evaluation Prepare Report of Results ANALYZE AUDIT RESULTS
Document Findings Analyze Findings Develop Recommendations
Document Recommendations REVIEW AND REPORT AUDIT FINDINGS Create the Audit Report Review Report Reasonableness Review Readability of Report
Prepare and Distribute Report REVIEW QUALITY CONTROL Conduct a Quality Control Review Conduct a Quality Assurance Review Improve the Application Audit Process WORKFLOW DIAGRAMMING Creating a Workflow Diagram Recommended Practices for Developing Workflow Diagrams PART VI APPENDICES WORKPAPERS I-3-1 Self Assessment Questionnaire: IT Environment
I-3-2 Analysis Summary for I-3-1 I-3-3 Self Assessment Questionnaire: SDLC Methodology I-3-4 Analysis Summary for I-3-3 I-3-5 Self Assessment Questionnaire: Internal Audit Capabilities I-3-6 Analysis Summary for I-3-5
I-3-7 Analysis Summary for I-3-2, I-3-4, and I-3-6 II-5-1 Risk Assessment Model (100-Point System) II-5-2 Risk Assessment Model (Weighted System) II-5-3 Risk Assessment Model (10-Point System) II-5-4 Risk Assessment Model (100-Point Total System) III-1 Generic Questionnaire
III-2 Generic Program III-3 Generic Workpaper Set III-7-1 Complete Sample IT Security Policy III-11-1 Standard Business Continuity Planning Audit Program III-13-1 Midrange Questionnaire (AS/400) III-14-1 Network Questionnaire (Novell) A-1 Audit Assignment Interview Checklist A-2 Audit Success Criteria Worksheet A-3 Preliminary Conference Background Information Checklist A-4 Conference Preparation Checklist A-5 Post-Conference Background Information Checklist A-6 Input Transactions Worksheet A-7 Data File Worksheet A-8 Output Report and User Worksheet
A-9 User Satisfaction Questionnaire A-10 Data Flow Diagram A-11 Structural Risk Assessment A-12 Technical Risk Assessment A-13 Size Risk Assessment A-14 Risk Score Summary A-15 Risk Assessment Program A-16 Application Risk Worksheet A-17 Application Risk Worksheet (Blank) A-18 Application Risk Ranking A-19 File or Database Population Analysis A-20 Measurable Application Audit Objectives A-21 EDP Application Audit Plan
A-22 Responsibility Conflict Matrix A-23 Data Origination Controls Questionnaire A-24 Data Input Controls Questionnaire A-25 Data Processing Controls Questionnaire A-26 Data Output Controls Questionnaire
A-27 Data Flow Control Diagram A-28 Transaction Flow Control Diagram
A-29 Responsibility Vulnerability Worksheet A-30 Transaction Vulnerability Worksheet A-31 Application Control Test Plan A-32 Designing the Control Test A-33 Testing Controls A-34 Evaluation of Tested Controls A-35 Computer File Survey A-36 Manual File Survey
A-37 Data Audit Objective Test A-38 Test Tool Worksheet A-39 File Integrity Program A-40 File Integrity Proof Sheet A-41 Structural Test Program A-42 Functional Test Program A-43 Data Test Program A-44 Data Test Checklist A-45 Test Results Review A-46 Key Security Planning Questions A-47 Partition of Applications A-48 Security Requirements
A-49 Risk Analysis A-50 Document Review Guide A-51 Planning the Interviews A-52 Interview Results A-53 Security Requirements Evaluation
A-54 Methodology Review A-55 Detailed Review of Security Safeguards
A-56 Security Certification Statement A-57 Detailed Evaluation Report
A-58 Audit Finding Documentation A-59 Analysis of Finding A-60 Developing Recommendations A-61 Effective Data Processing Control Practices
A-62 Audit Recommendation Worksheet A-63 Report Objectives Worksheet
A-64 Audit-Report-Writing Program A-65 Report Reasonableness Checklist
A-66 Report Readability Checklist A-67 Exit Conference Program A-68 Report Issuance and Follow-Up Program A-69 Computer Application Audit Quality Control Checklist A-70 Audit Performance Problem Worksheet (Blank)
A-71 Audit Performance Problem Worksheet A-72 Audit Process Problem Cause Identification Worksheet A-73 Audit Process Improvement Recommendation Worksheet