Auditor's Guide to IT Auditing
eBook - ePub

About This Book

Step-by-step guide to successful implementation and control of IT systems—including the Cloud

Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

  • Follows the approach used by the Information Systems Audit and Control Association (ISACA) model curriculum, making this book a practical approach to IS auditing
  • Serves as an excellent study guide for those preparing for the CISA and CISM exams
  • Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud
  • Includes a link to an education version of IDEA data analysis software

As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

Auditor's Guide to IT Auditing, by Richard E. Cascarino, is available in PDF and/or ePUB format under Business & Auditing.

Information

Publisher: Wiley
Year: 2012
ISBN: 9781118239070
Edition: 2
Subtopic: Auditing

PART ONE
IT Audit Process

CHAPTER ONE
Technology and Audit

THIS CHAPTER COVERS the basics of technology and audit. The chapter is intended to provide an understanding of the technology currently in use in business as well as knowledge of the jargon and its meaning. It also covers the components of control within an information technology (IT) environment and explains who the main players are and what their roles are within this environment.
After reading this chapter you should be able to:
  • Understand the technology currently in use in business
  • Understand the jargon and its meaning
  • Define the components of control in an IT environment
  • Briefly explain who the players are and what their roles are
  • Define the fundamental differences between batch and online systems
  • Explain the principal business risks within each processing type
  • Describe the components that make up the online system and the effect these have on control objectives
  • Explain the controls within each type of computer system
  • Contrast the basics of batch and online security
  • Demonstrate an ability to:
    • Identify the differing types of database structures
    • Identify the principal components of each type of Database Management System (DBMS)
    • Identify the primary threats to each of these components
    • Relate DBMS components to the operating system environment in which they operate
    • Identify potential control opportunities and select among control alternatives
    • Identify the principal DBMS products in the market
    • Recognize vulnerabilities in multiple DBMS environments and make appropriate recommendations

TECHNOLOGY AND AUDIT

Before the auditor can make an effective start in auditing the technology, it is critical that both Audit and IT speak a common language and that the auditor understands the technical jargon with which they will be confronted.

Some Computing Jargon

Before we can start to discuss the audit and control of computer systems, we must have a common understanding of the jargon used.

Hardware

Hardware consists of those components that can physically be touched and manipulated. Principal among those components are:
  • CPU. The Central Processing Unit is the heart of the computer. It fetches and executes program instructions and performs the arithmetic and logic operations on which all calculations depend.
  • Peripherals. Peripheral devices are those devices that attach to the CPU to handle inputs and outputs, typically. These include:
    • Terminals
    • Printers
    • Disk and tape devices
  • Memory. In modern computers memory takes the form of silicon chips capable of storing information. In commercial computers this information is held as 1s and 0s in the notation known as binary. Memory comes in various forms including:
    • RAM. Random Access Memory, whose contents can be changed but which is vulnerable to loss of power, at which point the contents of memory are lost. This type of memory is known as volatile memory; the common form in current machines is dynamic RAM (DRAM).
    • ROM. Read-Only Memory is a form of memory in which instructions are “burned in” at manufacture and are not lost in the event of a power loss. These programs cannot be changed. This is also known as non-volatile memory.
    • PROM. Programmable Read-Only Memory is similar to ROM but is supplied blank and programmed once by the user; once written, its contents cannot be altered.
    • EPROM. Erasable Programmable Read-Only Memory is similar to PROM, but the contents can be erased by exposure to ultraviolet light and the chip reprogrammed.
    • Nonvolatile RAM. RAM backed by a battery so that, in the event of a power loss, the contents are not lost.
  • Mainframe. Mainframe computers are the large (physically as well as in power) computers used by companies to carry out large-volume processing and concentrated computing.
  • Mini. Minicomputers are physically smaller than mainframes, although the power of many minicomputers exceeds that of earlier mainframes.
  • Micro. Microcomputers are physically small computers with limited processing power and storage. Having said that, the power and capacity of today’s micro is equivalent to that of a mainframe of only five years ago.
  • LANs. Local Area Networks are collections of computers linked together within a comparatively small area.
  • WANs. Wide Area Networks are collections of computers spread over a large geographic area.

Storage

Data is stored in a variety of forms for both permanent and temporary retention:
  • Bits. Binary digits, individual ones and zeros
  • Bytes. Groups of bits (normally eight) making up individual characters
  • Disks. Large-capacity storage devices holding anything from 10 MB to 150 GB of data
  • Diskettes. Small-capacity removable disks holding from 360 KB to 100 MB of data
  • Optical Disks. Laser-encoded disks holding between 650 MB and 9 GB of data
  • Tapes. Reel-to-reel or cassette media that store data
  • Memory. See Memory under the Hardware section

Communications

In order to maximize the effective use of the information held on computers, it is essential that isolated computers be able to communicate and share data, programs, and hardware devices.
  • Terminals. Remote devices allowing the input and output of data and programs to and from the computer.
  • Modem. MOdulator/DEModulator, which translates digital computer signals into analog signals for telephone wires and retranslates them at the other end.
  • Multiplexer. A device that combines signals from a variety of devices onto a single line to maximize utilization of expensive communication lines.
  • Cable. Metallic cable, usually copper, which carries the signal between computers. This may come in the form of “twisted pair,” where pairs of insulated conductors are twisted around each other within a plastic sleeve, or in the form of coaxial, where a central conductor runs within a metallic braid in the same manner as a television aerial cable.
  • Fiber Optics. These consist of fine strands of glass or plastic filaments that carry light signals without the need for electrical insulation. They have extremely high capacity and transfer rates but are expensive.
  • Microwave. This form of communication sends high-frequency radio signals from a transmitter to a receiver. It works on a direct line-of-sight basis but requires no cables.

Input

Inputs to computer systems have developed rapidly over the years. The IT auditor will still occasionally encounter some of the earlier types:
  • Cards. Rarely seen nowadays, punch cards were among the first input and output media and consisted of cardboard sheets, some 8 inches by 4 inches with 80 columns, where rectangular holes could be punched in combinations to represent numeric, alphabetic, and special characters.
  • Paper Tape. Another early input/output medium, paper tape was a low-cost alternative to punch cards and consisted of a one-inch-wide paper tape with circular holes punched in it to form the same range of characters.
  • Keyboards. The most common input device today (although that is changing). Most keyboards are still based on the original typist’s QWERTY keyboard design.
  • Mouse. An electromechanical pointing device used for inputting instructions in real time.
  • Scanners. Optical device...

Table of contents

  1. Cover
  2. Content
  3. Series Page
  4. Title Page
  5. Copyright
  6. Dedication
  7. Preface
  8. PART ONE: IT Audit Process
  9. PART TWO: Information Technology Governance
  10. PART THREE: Systems and Infrastructure Lifecycle Management
  11. PART FOUR: Information Technology Service Delivery and Support
  12. PART FIVE: Protection of Information Assets
  13. PART SIX: Business Continuity and Disaster Recovery
  14. PART SEVEN: Advanced IT Auditing
  15. APPENDIX A: Ethics and Standards for the IS Auditor
  16. APPENDIX B: Audit Program for Application Systems Auditing
  17. APPENDIX C: Logical Access-Control Audit Program
  18. APPENDIX D: Audit Program for Auditing UNIX/Linux Environments
  19. APPENDIX E: Audit Program for Auditing Windows VISTA and Windows 7 Environments
  20. About the Author
  21. About the Website
  22. Index
  23. End User License Agreement