libri scuola books Fumetti ebook dvd top ten sconti 0 Carrello

Torna Indietro

krist martin a. - standard for auditing computer applications, second edition

Standard for Auditing Computer Applications, Second Edition

Disponibilità: Normalmente disponibile in 20 giorni
A causa di problematiche nell'approvvigionamento legate alla Brexit sono possibili ritardi nelle consegne.

682,98 €
648,83 €

Questo prodotto usufruisce delle SPEDIZIONI GRATIS
selezionando l'opzione Corriere Veloce in fase di ordine.

Pagabile anche con Carta della cultura giovani e del merito, 18App Bonus Cultura e Carta del Docente

Facebook Twitter Aggiungi commento

Spese Gratis


Lingua: Inglese
Pubblicazione: 12/1998
Edizione: Edizione nuova, 2° edizione

Note Editore

A Standard for Auditing Computer Applications is a dynamic new resource for evaluating all aspects of automated business systems and systems environments. At the heart of A Standard for Auditing Computer Applications system is a set of customizable workpapers that provide blow-by-blow coverage of all phases of the IT audit process for traditional mainframe, distributed processing, and client/server environments.A Standard for Auditing Computer Applications was developed by Marty Krist, an acknowledged and respected expert in IT auditing. Drawing upon his more than twenty years of auditing experience with leading enterprise organizations, worldwide, Marty walks you step-by-step through the audit process for system environments and specific applications and utilities. He clearly spells out what you need to look for and where to look for it, and he provides expert advice and guidance on how to successfully address a problem when you find one.When you order A Standard for Auditing Computer Applications, you receive a powerful package containing all the forms, checklists, and templates you'll ever need to conduct successful audits on downloadable resources. Designed to function as a handy, on-the-job resource, the book follows a concise, quick-access format. It begins with an overview of the general issues inherent in any IT review. This is followed by a comprehensive review of the audit planning process. The remainder of the book provides you with detailed, point-by-point breakdowns along with proven tools for:evaluating systems environments-covers all the bases, including IT administration, security, backup and recovery planning, systems development, and moreEvaluating existing controls for determining hardware and software reliabilityAssessing the new system development processEvaluating all aspects of individual applications, from I/O, processing and logical and physical security to documentation, training, and programmed proceduresAssessing specific applications and utilities, including e-mail, groupware, finance and accounting applications, CAD, R&D, production applications, and more


PART I OVERVIEW OF INTEGRATED AUDITINGAUTOMATED APPLICATION REVIEW OVERVIEW WHAT INTEGRATED APPLICATION SYSTEMS ARE Proper Operation of the IT Department Developing Automated Applications Critical Information Technology Controls REVIEWING APPLICATION SYSTEMS The Audit Structure The Internal Auditors The Audit Manual Managing the Individual IT Audit IT Audit Procedures Application Development and Testing Documenting and Reporting Audit Work External Auditors ASSESSING IT AUDIT CAPABILITIES Who Should Perform the Self-Assessment? Conducting the Self-Assessment Analysis and Reporting of Results PART II. DEVELOPING THE IT AUDIT PLANOVERVIEW OF COMPUTER APPLICATIONS AUDIT PLANNING STANDARDS AND PROCESSES IT AUDIT PLANNING Overview of Standards for IT Audit Planning STRATEGIC IT AUDIT PLANNING THE ANNUAL IT AUDIT PLANNING PROCESS Step 1: Identify All Potential Reviews Step 2: Evaluate and Prioritize Possible Reviews Step 3: Setting Preliminary Scopes Step 4: Select and Schedule IT Audits Step 5: Merger Audit Plans SPECIFIC AUDIT PLANNING Step 1: Assign An Auditor-in-Charge Step 2: Perform Application Fact Gathering Step 3: Analyze Application Audit Risk Step 4: Develop and Rank Measurable Audit Objectives Step 5: Develop Administrative Plan Step 6: Write Audit Program PART III. ASSESSING GENERAL IT CONTROLSINFORMATION SYSTEMS ADMINISTRATION Strategic Planning Tactical Planning Information Technology Standard Setting PHYSICAL ACCESS SECURITY The Data Center Door Locks Windows Data Center Floor Alarm System Fire Suppression Systems The Detection of and Response to Unauthorized Activity LOGICAL ACCESS SECURITY User Identification End User Log-In Considerations SYSTEMS DEVELOPMENT PROCESS General Objectives Specific Objectives BACKUP AND RECOVERY Approaches to Making Backups Media Utilized to Make Backups Recovery Issues AUDITING THE MAINFRAME Planning the Audit Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization AUDITING THE MIDRANGE COMPUTER Planning the Audit Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization AUDITING THE NETWORK Planning the Audit Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization PART IV. PERFORMING A COMPLETE EVALUATIONPERFORMING A BASIC EVALUATION PERFORMING A COMPLETE EVALUATION General Control Objectives Participants in the Systems Development Life Cycle INITIATION PHASE REVIEW Overview Initiation Phase Deliverables Auditing the Initiation Phase Setting the Scope for the SDLC Audit Customizing the Audit Objectives Detailed Audit Testing Audit Results and Reporting THE REQUIREMENTS DEFINITION PHASE REVIEW Overview Deliverables in the Requirements Definition Phase The Initial Audit Evaluation Adjusting Audit Objectives Detailed Audit Testing Audit Results and Reporting Confirming The Audit Strategy APPLICATION DEVELOPMENT PHASE Programming Phase Overview Programming Phase Deliverables The Initial Audit Assessment Conducting Interviews Setting The Audit Objectives Detailed Audit Testing The Audit Test Audit Results and Reporting Evaluating The Audit Strategy THE EVALUATION AND ACCEPTANCE PHASE Overview Initial Assessment of The Acceptance Phase Gathering and Verifying Information on The Phase Status Setting Objectives for the Audit Evaluation and Acceptance Phase Considerations Detailed Audit Testing Audit Results and Reporting Evaluating Audit Results and Plans PART V ASSESSING IMPLEMENTED SYSTEMSINITIAL REVIEW PROCEDURES Initial Review Procedures Review Existing Audit Files The Planning Meeting AUDIT EVIDENCE Initial Workpapers IDENTIFY APPLICATION RISKS The Meaning of Risk Stand Alone Risk Relative Risk Ensuring Success Identifying Application Risks Overcoming Obstacles to Success Assigning Materiality Computing a Risk Score DEVELOP A DETAILED PLAN Writing Measurable Audit Objectives Verifying the Completeness of Measurable Audit Objectives EVALUATE INTERNAL CONTROLS Document Segregation of Responsibilities Conduct an Internal Control Review Develop Internal Control Diagrams Test Internal Controls Evaluate Internal Control Effectiveness TEST DATA INTEGRITY Conduct a Data File Survey Create Data Test Plan Develop Test Tools Verify File Integrity Evaluate the Correctness of the Test Process Conduct Data Test Review Data Test Results CERTIFY COMPUTER SECURITY Collect Data Conduct Basic Evaluation Conduct Detailed Evaluation Prepare Report of Results ANALYZE AUDIT RESULTS Document Findings Analyze Findings Develop Recommendations Document Recommendations REVIEW AND REPORT AUDIT FINDINGS Create the Audit Report Review Report Reasonableness Review Readability of Report Prepare and Distribute Report REVIEW QUALITY CONTROL Conduct a Quality Control Review Conduct a Quality Assurance Review Improve the Application Audit Process WORKFLOW DIAGRAMMING Creating a Workflow Diagram Recommended Practices for Developing Workflow Diagrams PART VI APPENDICESWORKPAPERSI-3-1 Self Assessment Questionnaire: IT Environment I-3-2 Analysis Summary for I-3-1 I-3-3 Self Assessment Questionnaire: SDLC Methodology I-3-4 Analysis Summary for I-3-3 I-3-5 Self Assessment Questionnaire: Internal Audit Capabilities I-3-6 Analysis Summary for I-3-5 I-3-7 Analysis Summary for I-3-2, I-3-4, and I-3-6 II-5-1 Risk Assessment Model (100-Point System) II-5-2 Risk Assessment Model (Weighted System) II-5-3 Risk Assessment Model (10-Point System) II-5-4 Risk Assessment Model (100-Point Total System) III-1 Generic Questionnaire III-2 Generic Program III-3 Generic Workpaper Set III-7-1 Complete Sample IT Security Policy III-11-1 Standard Business Continuity Planning Audit Program III-13-1 Midrange Questionnaire (AS/400) III-14-1 Network Questionnaire (Novell) A-1 Audit Assignment Interview Checklist A-2 Audit Success Criteria Worksheet A-3 Preliminary Conference Background Information Checklist A-4 Conference Preparation Checklist A-5 Post-Conference Background Information Cheklist A-6 Input Transactions Worksheet A-7 Data File Worksheet A-8 Output Report and User Worksheet A-9 User Satisfaction Questionnaire A-10 Data Flow Diagram A-11 Structural Risk Assessment A-12 Technical Risk Assessment A-13 Size Risk Assessment A-14 Risk Score Summary A-15 Risk Assessment Program A-16 Application Risk Worksheet A-17 Application Risk Worksheet (Blank) A-18 Application Risk Ranking A-19 File or Database Population Analysis A-20 Measurable Application Audit Objectives A-21 EDP Application Audit Plan A-22 Responsibility Conflict Matrix A-23 Data Origination Controls Questionnaire A-24 Data Input Controls Questionnaire A-25 Data Processing Controls Questionnaire A-26 Data Output Controls Questionnaire A-27 Data Flow Control Diagram A-28 Transaction Flow Control Diagram A-29 Responsibility Vulnerability Worksheet A-30 Transaction Vulnerability Worksheet A-31 Application Control Test Plan A-32 Designing the Control Test A-33 Testing Controls A-34 Evaluation of Tested Controls A-35 Computer File Survey A-36 Manual File Survey A-37 Data Audit Objective Test A-38 Test Tool Worksheet A-39 File Integrity Program A-40 File Integrity Proof Sheet A-41 Structural Test Program A-42 Functional Test Program A-43 Data Test Program A-44 Data Test Checklist A-45 Test Results Review A-46 Key Security Planning Questions A-47 Partition of Applications A-48 Security Requirements A-49 Risk Analysis A-50 Document Review Guide A-51 Planning the Interviews A-52 Interview Results A-53 Security Requirements Evaluation A-54 Methodology Review A-55 Detailed Review of Security Safeguards A-56 Security Certification Statement A-57 Detailed Evaluation Report A-58 Audit Finding Documentation A-59 Analysis of Finding A-60 Developing Recommendations A-61 Effective Data Processing Control Practices A-62 Audit Recommendation Worksheet A-63 Report Objectives Worksheet A-64 Audit-Report-Writing Program A-65 Report Reasonableness Checklist A-66 Report Readability Checklist A-67 Exit Conference Program A-68

Altre Informazioni



Condizione: Nuovo
Dimensioni: 11.01 x 8.25 in Ø 1.83 lb
Formato: Brossura
Illustration Notes:91 tables
Pagine Arabe: 726

Dicono di noi