Understanding and Conducting Information Systems Auditing : Wiley Corporate F&A - Veena Hingarh

Understanding and Conducting Information Systems Auditing

Wiley Corporate F&A

Hardcover Published: 14th February 2013
ISBN: 9781118343746
Number Of Pages: 336


A comprehensive guide to understanding and auditing modern information systems

The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.

Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. In addition, it also introduces the concept of information security grading, to help readers to implement practical changes and solutions in their organizations.

  • Includes everything needed to perform information systems audits
  • Organized into two sections—the first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits
  • Features examples designed to appeal to a global audience
Taking a non-technical approach that makes it accessible to readers of all backgrounds, Understanding and Conducting Information Systems Auditing is an essential resource for anyone auditing information systems.

About the Author

Veena Hingarh is Joint Director of the South Asian Management Technologies Foundation, a center for research, training, and application in the areas of finance and risk management, which provides training in areas including IS auditing, enterprise risk management, and risk modeling. Winner of numerous merit-based awards during her career, Hingarh's major areas of focus are IFRS and IS. She speaks frequently at conferences and platforms throughout Asia and the Middle East. Hingarh is a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI), Certified Company Secretary of the Institute of Company Secretaries of India (ICSI), and Certified Information System Auditor (CISA) from ISACA (USA).

Arif Ahmed is a professor at and Director of the South Asian Management Technologies Foundation as well as a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI). He is an Information Security Management System Lead Auditor for the British Standards Institution. Ahmed's areas of focus are finance and risk management, and he has over two decades of postqualification experience in training and strategic consulting. He has been interviewed and quoted throughout the media and has spoken at various seminars and institutions, including the Institute of Chartered Accountants of India, XLRI, and the Institute of Company Secretaries of India.

Preface

Acknowledgments

Part One Conducting Information Systems Audit

Chapter 1 Overview of Systems Audit
  • Information Systems Audit
  • Information Systems Auditor
  • Legal Requirement of Information Systems Audit
  • Systems Environment and Information Systems Audit
  • Information System Assets
  • Classification of Controls
  • Impact of Computers on Information
  • Impact of Computers on Auditing
  • Information Systems Audit Coverage

Chapter 2 Hardware Security Issues
  • Hardware Security Objective
  • Peripheral Devices and Storage Media
  • Client-server Architecture
  • Authentication Devices
  • Hardware Acquisition
  • Hardware Maintenance
  • Management of Obsolescence
  • Disposal of Equipment
  • Problem Management
  • Change Management
  • Network and Communication Issues

Chapter 3 Software Security Issues
  • Overview of Types of Software
  • Elements of Software Security
  • Control Issues during Installation and Maintenance
  • Licensing Issues
  • Problem and Change Management

Chapter 4 Information Systems Audit Requirement
  • Risk Analysis
  • Threats, Vulnerability, Exposure, and Likelihood
  • Information Systems Control Objectives
  • Information Systems Audit Objectives
  • System Effectiveness and Efficiency
  • Information Systems Abuse
  • Asset Safeguarding Objective and Process
  • Evidence Collection and Evaluation
  • Logs and Audit Trails as Evidence

Chapter 5 Conducting an Information Systems Audit
  • Audit Programme
  • Audit Plan
  • Audit Procedures and Approaches
  • System Understanding and Review
  • Compliance Reviews and Tests
  • Substantive Reviews and Test
  • Audit Tools and Techniques
  • Sampling Techniques
  • Audit Questionnaire
  • Audit Documentation
  • Audit Reporting
  • Auditing Approaches
  • Sample Audit Work Planning Memo
  • Sample Audit Work Process Flow

Chapter 6 Risk-Based Systems Audit
  • Conducting Risk Based Information Systems Audit
  • Risk Assessment
  • Risk Matrix
  • Risk and Audit Sample Determination
  • Audit Risk Assessment
  • Risk Management Strategy

Chapter 7 Business Continuity and Disaster Recovery Plan
  • Business Continuity and Disaster Recovery Process
  • Business Impact Analysis (BIA)
  • Incident Response Plan
  • Disaster Recovery Plan
  • Types of Disaster Recovery Plan
  • Emergency Preparedness Audit Checklist
  • Business Continuity Strategies
  • Business Resumption Plan Audit Checklist
  • Recovery Procedures Testing Checklist
  • Plan Maintenance Checklist
  • Vital Records Retention Checklist
  • Forms and Documents

Chapter 8 Auditing under E-commerce Environment
  • Introduction
  • Objectives of information systems audit of e-commerce
  • Preliminary Overview
  • Auditing E-commerce Functions
  • E-commerce Policies and Procedures Review
  • Impact of E-commerce on Internal Control

Chapter 9 Security Testing
  • Cyber Security
  • Cyber Crimes
  • What Is Vulnerable to Attack?
  • How Cyber Attacks Occur
  • What is Vulnerability Analysis?
  • Steps of Vulnerability Analysis
  • Types of Vulnerability
  • Conducting Vulnerability Analysis
  • Cyber Forensics
  • Digital Evidences

Chapter 10 Case Study: Conducting an Information Systems Audit
  • Important Security Issues in Banks
  • Steps to Information Systems Audit at a Bank Branch
  • Special Considerations in a Core Banking System

Part Two Information Systems Auditing Checklists

Chapter 11 ISecGrade Auditing Framework
  • Introduction
  • Licensing and Limitations
  • Methodology
  • Domains
  • Grading Structure
  • Selection of Checklist
  • Format of Audit Report
  • Using the Audit Report Format

Chapter 12 ISecGrade Checklists
  • Checklist Structure
  • Information Systems Audit Checklists

Chapter 13 Session Questions
  • Chapter 1: Overview of systems audit
  • Chapter 2: Hardware Security Issues
  • Chapter 3: Software Security Issues
  • Chapter 4: Information Systems Audit Requirements
  • Chapter 5: Conducting an IS Audit
  • Chapter 6: Risk Based Systems Audit
  • Chapter 7: Business Continuity and Disaster Recovery Plan
  • Chapter 8: Auditing under the E-commerce Environment
  • Chapter 9: Security Testing

About the Authors

About the Website

Index

ISBN: 9781118343746
ISBN-10: 1118343743
Series: Wiley Corporate F&A
Audience: General
Format: Hardcover
Language: English
Number Of Pages: 336
Published: 14th February 2013
Publisher: John Wiley & Sons Inc
Country of Publication: US
Dimensions (cm): 26.3 x 18.8  x 2.6
Weight (kg): 0.9
Edition Number: 1
