| IT Auditing: An Overview and Approach | p. 1 |
| Evolution in Managements' Perceptions | p. 1 |
| Evolution in Information Processing Capabilities | p. 2 |
| Exposure to Loss | p. 3 |
| Objectives of IT Auditing | p. 5 |
| Internal Controls and IT Audit | p. 5 |
| Various Internal Controls | p. 7 |
| Growth and Genesis of IT Auditing | p. 7 |
| IT Audit Approach | p. 9 |
| Nature of IT Controls | p. 9 |
| Controls and Loss | p. 11 |
| Internal Controls and Auditing Approach | p. 12 |
| Steps in an IT Audit | p. 12 |
| Audit Decisions | p. 15 |
| Auditing and Complex Business Information Systems | p. 21 |
| Complex Integrated Accounting Systems | p. 22 |
| Distributed Data and its Effects on Organisations | p. 24 |
| Networks | p. 25 |
| Portability and Systems | p. 31 |
| Integration of Applications | p. 32 |
| Productivity Aspect of the Technology | p. 32 |
| Business Process Re-engineering | p. 33 |
| Intelligent Systems | p. 34 |
| Auditors and Changing Technology | p. 36 |
| Strategic Use of Technology and Audit Implications | p. 37 |
| Internal Controls and Auditing | p. 40 |
| Generation-X Technologies and IT Auditing | p. 45 |
| Generation-X Enterprise Technologies | p. 46 |
| Information Systems Integration: A Challenge | p. 48 |
| Assured Information Emanates from Assured Systems | p. 51 |
| Information Assurance: A Function of Strategic Importance | p. 53 |
| Various Information Assurance and Control Measures | p. 56 |
| Web-Level Assurance Measures | p. 57 |
| Control Objectives and System Assurance | p. 58 |
| British Standards: BS7799 and BS 7799-2:2002 | p. 60 |
| System Security Engineering Capability Maturity Model: SSE-CMM | p. 60 |
| Complex Information Systems, Auditing Standards and IT Auditors | p. 63 |
| The Approach and Objectives | p. 63 |
| The Scenario | p. 65 |
| Impact of Technology Complexity on the Auditor | p. 65 |
| Complex Information Technologies and Audit Risks | p. 67 |
| SAS-94 and its Effect on the Audit Process | p. 70 |
| ERP and Information Integration Issues: Perspective for Auditors | p. 75 |
| What is Enterprise Resource Planning? | p. 77 |
| Implementation Cycle | p. 79 |
| Conceptual Models | p. 80 |
| Successes and Disasters | p. 81 |
| Types of Implementation | p. 82 |
| Social Integration | p. 83 |
| Resistance in Social Integration | p. 84 |
| Process Integration | p. 84 |
| Communications in Process Integration | p. 85 |
| Alignment of Culture in Process Integration | p. 86 |
| Knowledge Integration | p. 86 |
| Workflow Integration | p. 89 |
| Best Practices in Functional Integration | p. 90 |
| Virtual Integration | p. 91 |
| Auditor and ERP | p. 92 |
| ERP Internal Control Procedures | p. 92 |
| Technology, Auditing and Cyber-Commerce | p. 95 |
| Technology and Auditing | p. 96 |
| Risk Understanding in e-Commerce for IT Auditor | p. 99 |
| Information at Risk | p. 101 |
| Controls and Audit Evidences | p. 105 |
| IT Auditing and Security of Information Systems | p. 107 |
| Information Security | p. 108 |
| Computer Assets | p. 109 |
| Security Controls | p. 110 |
| Security Evaluation and Certification Criteria | p. 112 |
| Networks Security | p. 113 |
| OSI Architecture | p. 115 |
| Security Mechanisms | p. 118 |
| Integrity | p. 120 |
| Security Mechanisms Location | p. 122 |
| Future Trends | p. 123 |
| Exemplary Case Laws Related to Security Needs and Breaches in USA | p. 124 |
| Case Laws Related to Data Preservation | p. 124 |
| Case Laws Pertaining to the Scope of Discovery | p. 125 |
| Case Laws Related to the Records Management | p. 131 |
| Case Laws Pertaining to the Use of Experts | p. 133 |
| Case Laws Related to the Costs and Allocation | p. 134 |
| Case Laws Related to the Spoliation and Sanctions | p. 136 |
| Case Laws Pertaining to Inadvertent Disclosure | p. 139 |
| Case Laws Related to the Method of Litigation | p. 140 |
| Case Laws Related to Criminal Issues of Security | p. 142 |
| Case Laws Related to the Reliability | p. 142 |
| E-Sign Statute and Case Laws | p. 143 |
| Case Laws on Privacy | p. 144 |
| Kind of Audits Called Security Audits | p. 145 |
| Internet/Perimeter Audit | p. 145 |
| Website Audit | p. 145 |
| Penetration Audit (Ethical Hacking) | p. 145 |
| Wireless Audit | p. 146 |
| Network Audit | p. 146 |
| Security Policies and Procedures Audit | p. 146 |
| Facilities Audit (Physical) | p. 146 |
| Business Continuity Plan (BCP) and Disaster Recovery (DR) | p. 147 |
| Regulatory Compliance Audits | p. 147 |
| How Can Security Audit Help the Enterprises? | p. 148 |
| Protecting the Physical Safety of Your Employees, Vendors, and Visitors | p. 148 |
| Information Technology Governance and COBIT | p. 151 |
| Why Do we Need IT Governance? | p. 152 |
| Introduction to COBIT | p. 153 |
| COBIT and the Reality | p. 154 |
| Database Management Systems and Auditing | p. 157 |
| Concepts of Database Technology for Auditors | p. 157 |
| Data Independence | p. 158 |
| Database Management Systems and its Functions | p. 158 |
| Relational Database Management Systems (RDMS) | p. 162 |
| Database Security | p. 167 |
| Distributed Database Systems | p. 174 |
| Object Data Management Systems | p. 175 |
| Relation and Object: A Comparison | p. 175 |
| Data Warehouses | p. 177 |
| Operational Systems Compared to Informational Systems | p. 178 |
| EAI: Auditors Should Know Potential Risks to Enterprise | p. 181 |
| The Promise of EAI | p. 184 |
| Improvement in Productivity | p. 184 |
| Data Flow Streamlined | p. 185 |
| EAI Reaches Beyond Your Borders | p. 185 |
| Lowered Costs | p. 186 |
| Bibliography and Further References | p. 189 |
| Glossary of IT Auditing Terms | p. 209 |