Introduction

Chapter Overviews

Credit: Woman Wearing Gray Blazer Writing on Dry-erase Board by Christina Morillo, used under the Pexels License.

Chapter 01. Introduction to Information Systems (IS) Auditing

This chapter provides an overview of IS auditing. It covers the purpose and scope of IS auditing, including its role and importance in organizations. The chapter also highlights the key traits and career paths of IS auditors and the different types of IS audits that can be conducted. This chapter serves as a foundation for the rest of the textbook by introducing the key concepts and terminology of IS auditing.

Chapter 02. IS Auditing Standards and Continuous Improvement

This chapter provides an overview of the various standards and guidelines that govern IS auditing, set by organizations such as the Information Systems Audit and Control Association (ISACA) and the Institute of Internal Auditors (IIA). The chapter also covers Computer-Assisted Auditing Techniques (CAATs) in IS auditing, including their benefits and limitations. Lastly, the chapter provides an overview of the IS Auditors’ Code of Ethical Principles and its importance in the IS auditing process.

Chapter 03. Planning an IS Audit

This chapter covers a range of essential sub-topics involved in planning and conducting effective IT/IS audits. This includes the use of risk assessment and materiality in planning IT/IS audits, the development of audit programs, and the assessment of control frameworks. The chapter also explores the evaluation of various types of controls, such as preventive, detective, and corrective controls. It highlights the importance of using CAATs in IS audits. Additionally, the chapter discusses the role of documentation and communication in reporting audit findings and highlights emerging IT/IS auditing trends.

Chapter 04. Enterprise IS Governance, Risk Management, and Controls

This chapter covers vital governance components, such as policies, procedures, and standards, and how they work together to ensure effective management of IT resources. It also examines the various roles and responsibilities associated with IT governance, including those of the board of directors, senior management, and IT staff. It provides an in-depth understanding of the governance of enterprise IT and how it can be implemented in the organization to increase the efficiency and effectiveness of IT resources. It also provides an overview of IS risk management and various frameworks, such as COSO, COBIT, and NIST, that can be used to manage and control risks. The chapter then provides an overview of the internal controls environment and the activities used to manage and control risks. Finally, it explores the various types of internal controls, which sets the tone for evaluating controls in the following two chapters.

Chapter 05. The Nature and Evaluation of Information Technology (IT) General Controls

This chapter focuses on the nature, purpose, and importance of IT General Controls (ITGCs) in information systems. The chapter begins with an overview of ITGCs and their significance in safeguarding the overall IT environment. It then explores two specific areas of ITGCs: change management and user access management. The chapter provides practical guidance on evaluating the effectiveness of ITGCs in managing changes to the IT environment and controlling user access to systems and data. Next, the chapter explores critical facets of evaluating ITGCs related to security management, computer operations management, and disaster recovery preparedness, with practical guidance on assessing the effectiveness of ITGCs in these areas to mitigate potential risks and prevent security breaches. Overall, the chapter offers a comprehensive understanding of the importance of ITGCs in ensuring the integrity, confidentiality, and availability of information systems.

Chapter 06. The Nature and Evaluation of Application Controls

This chapter focuses on the critical role of application controls in ensuring the accuracy, completeness, and validity of data processed through information systems. The chapter starts with an introduction to the nature, purpose, and significance of application controls in information systems, followed by an exploration of the different types of application controls, including input, processing, and output controls. Furthermore, the chapter provides practical guidance on evaluating the effectiveness of application controls in mitigating risks and ensuring compliance with relevant regulations and standards. Overall, the chapter provides a comprehensive understanding of the importance of application controls in safeguarding information systems and mitigating potential risks.

Chapter 07. Communication and Reporting on IS Audits

This chapter focuses on the critical aspect of communicating and reporting the findings of information systems audits. The chapter covers three sub-topics: identifying, documenting, and communicating audit findings; audit report writing format and structure; and follow-up and monitoring of IS audits. The chapter provides practical guidance on effectively communicating and documenting audit findings, including presenting results in a concise and actionable way. It also provides an overview of the IS audit report writing format and structure. It emphasizes the importance of follow-up and monitoring of IS audits to ensure that audit recommendations are implemented and risks are mitigated. Lastly, the chapter provides insights into best practices for communicating and reporting on IS audits.

License


Auditing Information Systems Copyright © 2024 by Amit M. Mehta is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.
