Understanding and Conducting Information Systems Auditing
Veena Hingarh, Arif Ahmed
- English
- ePUB (mobile friendly)
- Available on iOS & Android
Understanding and Conducting Information Systems Auditing
Veena Hingarh, Arif Ahmed
About This Book
A comprehensive guide to understanding and auditing modern information systems
The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.
Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. In addition, it also introduces the concept of information security grading, to help readers to implement practical changes and solutions in their organizations.
- Includes everything needed to perform information systems audits
- Organized into two sectionsâthe first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits
- Features examples designed to appeal to a global audience
Taking a non-technical approach that makes it accessible to readers of all backgrounds, Understanding and Conducting Information Systems Auditing is an essential resource for anyone auditing information systems.
Frequently asked questions
PART ONE
Conducting an Information Systems Audit
CHAPTER 1
Overview of Systems Audit
Information Systems Audit
Information Systems Auditor
Legal Requirements of an Information Systems Audit
The Sarbanes-Oxley Act of 2002
Form 10-K
Securities and Exchange Commission
- Section 302 assigns corporate responsibility for accuracy of financial statements and operational activities to the chief executive officer (CEO) and chief finance officer (CFO). The signing officers certify that they have reviewed the reports and that they are free of untrue statements, material omissions, or misleading statements. This can be assured only if an information systems audit has reviewed the operation of the software and systems involved in producing the financial statements.
- Section 404(b) calls for certification from auditor on management assessment of internal control. The assessment seeks to ensure that adequate controls are established and maintained for financial reporting. Naturally an information systems audit is useful for such an assessment.
- Section 409 requires immediate disclosure of changes in financial position and operations in real time. An information systems audit can assess the readiness of an organization in this regard.
- Section 802 requires retention of electronic records that have an impact on assets or performance of a company. An information systems auditor reviews the preparedness of any organization to prevent willful or accidental destruction of such records.
CERTIFICATION
- I have reviewed this annual report on Form 10-K of Kraft Foods Inc.;
- Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
- Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
- The registrant's other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13aâ15(e) and 15dâ15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13aâ15(f) and 15dâ15(f)) for the registrant and have: Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; andDisclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
- The registrant's other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions): All significant deficiencies and material weaknesses in the design or operation of inte...