Information Systems Auditing: The IS Audit Study and Evaluation of Controls Process: Information Systems Auditing, #2
About this ebook
IS audit area study and evaluation mastery reflects professional experience and training. Regarding subject mastery, this booklet contains a detailed control system review, analysis, and evaluation process for IS audits, which can be translated, if practiced, into professional experience.
Robert E. Davis
Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden Universities, respectively. In addition, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate after passing the 1988 Information Systems Audit and Control Association's rigorous three-hundred-and-fifty-question multiple-choice examination, and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls. Since starting his career as an information systems (IS) auditor, Dr. Davis has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company, and Fidelity/First Fidelity (Wells Fargo) corporations, as well as other organizations, in staff through management positions. Prior to engaging in the practice of IS auditing and information security consulting, Dr. Davis (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material. Dr. Davis has authored articles addressing IT issues for ITAudit magazine, ISACA Journal, and IT Governance, LTD, and has peer reviewed Carnegie Mellon University's technical report "Comparing eSCM-SP v2 and COBIT" and five chapters of Bloomsbury Publishing's "Effective Auditing for Corporates".
With regard to training individuals in the information systems audit process, he has provided instruction to the Data Processing Management Association, ISACA-Philadelphia Chapter CISA Review Course participants, 3rd Annual Securasia Congress delegates, the Delaware Valley Chapter of the Information Systems Security Association, and an Internet CISA study group. Additionally, Dr. Davis has presented webinars for Compliance4all, Compliance IQ, Compliance Online, and...
Book preview
Information Systems Auditing
The IS Audit Study and Evaluation of Controls Process
2nd Edition
Robert E. Davis, MBA, CISA, CICA
Published by Robert E. Davis at Smashwords
Copyright 2009 Robert E. Davis, MBA, CISA, CICA. All rights reserved.
Smashwords Edition, License Notes
This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to Smashwords.com and purchase your own copy. Thank you for respecting the hard work of this author.
Preface
The global Information Technology (IT) community considers becoming a Certified Information Systems Auditor (CISA) a major accomplishment. To obtain the CISA designation, information systems audit, control, or security professionals must pass a rigorous test demonstrating knowledge in a multitude of information systems audit process areas. Information Systems Audit and Control Association (ISACA) standards and guidelines, audit risk, and audit fieldwork are just a few of the knowledge requirements CISA candidates must master.
Objectives
Information Systems Auditing: The IS Audit Study and Evaluation of Controls Process is part of a booklet series providing comprehensive IS audit planning, study, evaluation, and testing methods. Systemically, the series covers major steps in the IS audit processes not chronicled in ISACA standards and guidelines. In terms of content, these monographs convert selected audit standards into practical applications using detailed examples. These monographs also allow auditors to understand the various steps and processes required to adequately initiate, document, and compile IT audit phases. Through these study assistants, a CISA student will acquire an appreciation for IT financial statement, government, and external auditing. Collectively, these monographs function as study guides for CISA examination preparation as well as audit reference manuals.
IS audit area study and evaluation mastery reflects professional experience and training. Regarding subject mastery, this booklet contains a detailed control system review, analysis, and evaluation process for IS audits, which can be translated, if practiced, into professional experience. Chronologically, this monograph describes the required audit steps performed during an audit area assignment. Specifically, internal and external controls study and evaluation are described from an ISA’s perspective, while simultaneously presenting other equivalent audit standards and guidelines. Furthermore, audit risk and testing reassessment are discussed at this monograph’s conclusion.
Related Material
To enhance certification candidate preparation, Boson Software offers practice tests traversing the ISACA CISA examination domains. These practice tests are excellent knowledge diagnostic and test simulation tools, furnishing a variety of question formats for the purchaser. Lastly, the practice tests are customizable, allowing study of selected CISA domains.
Table of Contents
Introduction
1.0 Study of Controls
1.1 Study of Internal Controls
1.2 Study of External Controls
2.0 Design Materiality
3.0 Control Objectives
4.0 Evaluation of Controls
4.1 Evaluation of Internal Controls
4.2 Evaluation of External Controls
4.3 Illegal and Irregular Acts
5.0 Working Papers
5.1 Audit Evidence
6.0 Assessing Risk
7.0 Assessing Testing
Appendix A
Appendix B
Appendix C
Acronyms
Glossary
Bibliography
Biography
Introduction¹, ²
Audit department management approved the Information System (IS) audit plan. Client management was informed during the opening conference of