Information Technology Control and Audit, Fifth Edition

The new fifth edition of Information Technology Control and Audit has been significantly revised to include a comprehensive overview of the IT environment, including revolutionizing technologies, legislation, audit process, governance, strategy, and outsourcing, among others. This new edition also outlines common IT audit risks, procedures, and involvement associated with major IT audit areas. It further provides cases featuring practical IT audit scenarios, as well as sample documentation to design and perform actual IT audit work. Filled with up-to-date audit concepts, tools, techniques, and references for further reading, this revised edition promotes the mastery of concepts, as well as the effective implementation and assessment of IT controls by organizations and auditors. For instructors and lecturers there are an instructor’s manual, sample syllabi and course schedules, PowerPoint lecture slides, and test questions. For students there are flashcards to test their knowledge of key terms and recommended further readings. Go to http://routledgetextbooks.com/textbooks/9781498752282/ for more information.

Part 1. Foundation for IT Audit: 1. Information Technology Environment and IT Audit. 2. Legislation Relevant to Information Technology. 3. The IT Audit Process. 4. Tools and Techniques Used in Auditing IT. Part 2; Planning and Organization: 5. IT Governance and Strategy. 6. Risk Management. 7. Project Management. 8. System Development Life Cycle. Part 3. Auditing Environment: 9. Application Systems: Risks and Controls. 10. Change Control Management. 11. Information Systems Operations. 12. Information Security. 13. Systems Acquisition, Service Management, and Outsourcing. Part 4. Appendixes: 1. IT Planning Memo. 2. Understanding the IT Environment. 3. Sample IT Audit Programs for General Control IT Areas. 4. ACL Best Practice Procedures for Testing Accounting Journal Entries. 5. IT Risk Assessment Example Using NIST SP 800-30. 6. Sample Change Control Management Policy. 7. Sample Information Systems Operations Policy. 8. Auditing End-User Computing Groups. 9. Recommended Control Areas for Auditing Software Acquisitions. 10. Glossary.

Angel R. Otero, Ph.D., CPA, CISA, CITP, CICA, CRISC is assistant professor of accounting and program chair for accounting and finance online programs at the College of Business, Florida Institute of Technology (Florida Tech or FIT), Melbourne, FL. Dr. Otero has a B.S. in accounting from Pennsylvania State University, a M.S. in software engineering from Florida Tech, and a Ph.D. in information systems from Nova Southeastern University. He also holds active memberships at the American Institute of Certified Public Accountants (AICPA), ISACA (formerly the Information Systems Audit and Control Association), and the Institute for Internal Controls (IIC) professional organizations. Dr. Otero has over 20 years of industry experience in the areas of public accounting/auditing, information systems auditing, internal control audits, and information technology consulting. Clients served involve the industries of banking/finance, insurance, government, manufacturing, retail, and wholesale, among others. Before joining FIT, Dr. Otero worked at Deloitte & Touche, LLP for 10 plus years and attained the position of senior manager overseeing offices in the state of Florida and Puerto Rico. Dr. Otero’s research interests involve (1) information systems/technology auditing; (2) accounting information systems; (3) financial audits and internal controls; and (4) information security audits and risk assessments. He has published in multiple peer-reviewed journals and conference proceedings.