eBook - ePub
Understanding and Conducting Information Systems Auditing
Veena Hingarh, Arif Ahmed
This is a test
Condividi libro
- English
- ePUB (disponibile sull'app)
- Disponibile su iOS e Android
eBook - ePub
Understanding and Conducting Information Systems Auditing
Veena Hingarh, Arif Ahmed
Dettagli del libro
Anteprima del libro
Indice dei contenuti
Citazioni
Informazioni sul libro
A comprehensive guide to understanding and auditing modern information systems
The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.
Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. In addition, it also introduces the concept of information security grading, to help readers to implement practical changes and solutions in their organizations.
- Includes everything needed to perform information systems audits
- Organized into two sections—the first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits
- Features examples designed to appeal to a global audience
Taking a non-technical approach that makes it accessible to readers of all backgrounds, Understanding and Conducting Information Systems Auditing is an essential resource for anyone auditing information systems.
Domande frequenti
Come faccio ad annullare l'abbonamento?
È semplicissimo: basta accedere alla sezione Account nelle Impostazioni e cliccare su "Annulla abbonamento". Dopo la cancellazione, l'abbonamento rimarrà attivo per il periodo rimanente già pagato. Per maggiori informazioni, clicca qui
È possibile scaricare libri? Se sì, come?
Al momento è possibile scaricare tramite l'app tutti i nostri libri ePub mobile-friendly. Anche la maggior parte dei nostri PDF è scaricabile e stiamo lavorando per rendere disponibile quanto prima il download di tutti gli altri file. Per maggiori informazioni, clicca qui
Che differenza c'è tra i piani?
Entrambi i piani ti danno accesso illimitato alla libreria e a tutte le funzionalità di Perlego. Le uniche differenze sono il prezzo e il periodo di abbonamento: con il piano annuale risparmierai circa il 30% rispetto a 12 rate con quello mensile.
Cos'è Perlego?
Perlego è un servizio di abbonamento a testi accademici, che ti permette di accedere a un'intera libreria online a un prezzo inferiore rispetto a quello che pagheresti per acquistare un singolo libro al mese. Con oltre 1 milione di testi suddivisi in più di 1.000 categorie, troverai sicuramente ciò che fa per te! Per maggiori informazioni, clicca qui.
Perlego supporta la sintesi vocale?
Cerca l'icona Sintesi vocale nel prossimo libro che leggerai per verificare se è possibile riprodurre l'audio. Questo strumento permette di leggere il testo a voce alta, evidenziandolo man mano che la lettura procede. Puoi aumentare o diminuire la velocità della sintesi vocale, oppure sospendere la riproduzione. Per maggiori informazioni, clicca qui.
Understanding and Conducting Information Systems Auditing è disponibile online in formato PDF/ePub?
Sì, puoi accedere a Understanding and Conducting Information Systems Auditing di Veena Hingarh, Arif Ahmed in formato PDF e/o ePub, così come ad altri libri molto apprezzati nelle sezioni relative a Business e Auditing. Scopri oltre 1 milione di libri disponibili nel nostro catalogo.
PART ONE
Conducting an Information Systems Audit
CHAPTER 1
Overview of Systems Audit
IN THIS CHAPTER WE discuss why an information systems audit would be conducted. The chapter also identifies the challenges that an auditor will face while auditing a computerized system. Critical differences between computerized and noncomputerized systems have also been identified. Upon completion of this chapter, the reader will have an understanding of the salient features of a computerized system that an information systems auditor must keep in mind.
Information Systems Audit
An information systems audit is an examination of various controls within an information systems infrastructure. It is the process involving collection and evaluation of evidence of the design and functions of controls designed and implemented in information systems, practices, and operations. The auditor, subsequent to evaluation of the evidence, forms an opinion on whether the information systems safeguard assets, maintain data integrity, and operate effectively and efficiently in order to achieve the agreed-upon goals and objectives of the entity. An information systems audit can be performed independently of or along with an audit of financial statements. More often than not, it remains an independent function used during testing of controls.
Information Systems Auditor
Under the existing practices in various countries, any person having a recognized qualification in information systems audit can conduct an information systems audit. To be a recognized qualification, it must be awarded by an institution that is acknowledged by the laws of the country. These institutions can be academic or professional bodies. The qualification can also be designated by membership of an association or body of person on the basis of their internal norms of qualification for such membership. Usually such membership is renewable annually by paying a membership fee. Qualifications from academic institutions usually do not involve any recurring membership cost. It is important to note whether the regulatory authorities recognize the qualification of an information systems auditor for conducting an information systems audit in a specific country. Industries are free to recognize qualifications awarded by institutions other than those mentioned earlier.
It may be noted that, unless specified by the auditee or regulatory authorities, there is no requirement of any additional qualification other than that of an information systems auditor, in order to conduct an information systems audit.
Legal Requirements of an Information Systems Audit
More often than not, an information systems audit is a best practice or an ethical exercise rather than a legal requirement. However, the audit may be legally required in some countries, such as under the Sarbanes-Oxley Act of 2002 in the United States.
Major requirements of the Sarbanes-Oxley Act with relation to information systems audit are provided in the following sections.
The Sarbanes-Oxley Act of 2002
The Sarbanes-Oxley Act came into force in 2002 to ensure better regulation of financial practices and corporate governance and requires a number of compliances. The act is named after Senator Paul Sarbanes and Representative Michael Oxley, who were its main architects.
Form 10-K
Form 10-K is the name of the form that every domestic issuer in the United States has to submit to the Securities and Exchange Commission. The form provides a comprehensive overview of the business of the filer, along with the business's financial condition and audited statements.
Securities and Exchange Commission
Better known by its acronym, SEC, the Securities and Exchange Commission is the apex regulator responsible for enforcing all of the laws and regulations of the securities industry in the United States.
- Section 302 assigns corporate responsibility for accuracy of financial statements and operational activities to the chief executive officer (CEO) and chief finance officer (CFO). The signing officers certify that they have reviewed the reports and that they are free of untrue statements, material omissions, or misleading statements. This can be assured only if an information systems audit has reviewed the operation of the software and systems involved in producing the financial statements.
- Section 404(b) calls for certification from auditor on management assessment of internal control. The assessment seeks to ensure that adequate controls are established and maintained for financial reporting. Naturally an information systems audit is useful for such an assessment.
- Section 409 requires immediate disclosure of changes in financial position and operations in real time. An information systems audit can assess the readiness of an organization in this regard.
- Section 802 requires retention of electronic records that have an impact on assets or performance of a company. An information systems auditor reviews the preparedness of any organization to prevent willful or accidental destruction of such records.
Following is a sample certification from the 10-K filing of Kraft Foods Inc. with the Securities and Exchange Commission.
CERTIFICATION
I, Irene B. Rosenfeld, certify that:
- I have reviewed this annual report on Form 10-K of Kraft Foods Inc.;
- Based on my knowledge, this report does not contain any untrue statement of a material fact or omit to state a material fact necessary to make the statements made, in light of the circumstances under which such statements were made, not misleading with respect to the period covered by this report;
- Based on my knowledge, the financial statements, and other financial information included in this report, fairly present in all material respects the financial condition, results of operations and cash flows of the registrant as of, and for, the periods presented in this report;
- The registrant's other certifying officer(s) and I are responsible for establishing and maintaining disclosure controls and procedures (as defined in Exchange Act Rules 13a–15(e) and 15d–15(e)) and internal control over financial reporting (as defined in Exchange Act Rules 13a–15(f) and 15d–15(f)) for the registrant and have: Designed such disclosure controls and procedures, or caused such disclosure controls and procedures to be designed under our supervision, to ensure that material information relating to the registrant, including its consolidated subsidiaries, is made known to us by others within those entities, particularly during the period in which this report is being prepared;Designed such internal control over financial reporting, or caused such internal control over financial reporting to be designed under our supervision, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles;Evaluated the effectiveness of the registrant's disclosure controls and procedures and presented in this report our conclusions about the effectiveness of the disclosure controls and procedures, as of the end of the period covered by this report based on such evaluation; andDisclosed in this report any change in the registrant's internal control over financial reporting that occurred during the registrant's most recent fiscal quarter (the registrant's fourth fiscal quarter in the case of an annual report) that has materially affected, or is reasonably likely to materially affect, the registrant's internal control over financial reporting; and
- The registrant's other certifying officer(s) and I have disclosed, based on our most recent evaluation of internal control over financial reporting, to the registrant's auditors and the audit committee of the registrant's board of directors (or persons performing the equivalent functions): All significant deficiencies and material weaknesses in the design or operation of inte...