Standard for Auditing Computer Applications, A
A Standard for Auditing Computer Applications is a dynamic new resource for evaluating all aspects of automated business systems and systems environments. At the heart of A Standard for Auditing Computer Applications system is a set of customizable workpapers that provide blow-by-blow coverage of al...
Đã lưu trong:
| Định dạng: | Sách |
|---|---|
| Ngôn ngữ: | English |
| Được phát hành: |
CRC Press
2009
|
| Truy cập trực tuyến: | https://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1304 |
| Các nhãn: |
Thêm thẻ
Không có thẻ, Là người đầu tiên thẻ bản ghi này!
|
| Thư viện lưu trữ: | Thư viện Trường Đại học Đà Lạt |
|---|
| id |
oai:scholar.dlu.edu.vn:DLU123456789-1304 |
|---|---|
| record_format |
dspace |
| institution |
Thư viện Trường Đại học Đà Lạt |
| collection |
Thư viện số |
| language |
English |
| description |
A Standard for Auditing Computer Applications is a dynamic new resource for evaluating all aspects of automated business systems and systems environments. At the heart of A Standard for Auditing Computer Applications system is a set of customizable workpapers that provide blow-by-blow coverage of all phases of the IT audit process for traditional mainframe, distributed processing, and client/server environments.
A Standard for Auditing Computer Applications was developed by Marty Krist, an acknowledged and respected expert in IT auditing. Drawing upon his more than twenty years of auditing experience with leading enterprise organizations, worldwide, Marty walks you step-by-step through the audit process for system environments and specific applications and utilities. He clearly spells out what you need to look for and where to look for it, and he provides expert advice and guidance on how to successfully address a problem when you find one. |
| format |
Book |
| title |
Standard for Auditing Computer Applications, A |
| spellingShingle |
Standard for Auditing Computer Applications, A |
| title_short |
Standard for Auditing Computer Applications, A |
| title_full |
Standard for Auditing Computer Applications, A |
| title_fullStr |
Standard for Auditing Computer Applications, A |
| title_full_unstemmed |
Standard for Auditing Computer Applications, A |
| title_sort |
standard for auditing computer applications, a |
| publisher |
CRC Press |
| publishDate |
2009 |
| url |
https://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1304 |
| _version_ |
1819768019350454272 |
| spelling |
oai:scholar.dlu.edu.vn:DLU123456789-13042009-11-26T06:30:05Z Standard for Auditing Computer Applications, A A Standard for Auditing Computer Applications is a dynamic new resource for evaluating all aspects of automated business systems and systems environments. At the heart of A Standard for Auditing Computer Applications system is a set of customizable workpapers that provide blow-by-blow coverage of all phases of the IT audit process for traditional mainframe, distributed processing, and client/server environments. A Standard for Auditing Computer Applications was developed by Marty Krist, an acknowledged and respected expert in IT auditing. Drawing upon his more than twenty years of auditing experience with leading enterprise organizations, worldwide, Marty walks you step-by-step through the audit process for system environments and specific applications and utilities. He clearly spells out what you need to look for and where to look for it, and he provides expert advice and guidance on how to successfully address a problem when you find one. PART I OVERVIEW OF INTEGRATED AUDITING AUTOMATED APPLICATION REVIEW OVERVIEW WHAT INTEGRATED APPLICATION SYSTEMS ARE Proper Operation of the IT Department Developing Automated Applications Critical Information Technology Controls REVIEWING APPLICATION SYSTEMS The Audit Structure The Internal Auditors The Audit Manual Managing the Individual IT Audit IT Audit Procedures Application Development and Testing Documenting and Reporting Audit Work External Auditors ASSESSING IT AUDIT CAPABILITIES Who Should Perform the Self-Assessment? Conducting the Self-Assessment Analysis and Reporting of Results PART II. DEVELOPING THE IT AUDIT PLAN OVERVIEW OF COMPUTER APPLICATIONS AUDIT PLANNING STANDARDS AND PROCESSES IT AUDIT PLANNING Overview of Standards for IT Audit Planning STRATEGIC IT AUDIT PLANNING THE ANNUAL IT AUDIT PLANNING PROCESS Step 1: Identify All Potential Reviews Step 2: Evaluate and Prioritize Possible Reviews Step 3: Setting Preliminary Scopes Step 4: Select and Schedule IT Audits Step 5: Merger Audit Plans SPECIFIC AUDIT PLANNING Step 1: Assign An Auditor-in-Charge Step 2: Perform Application Fact Gathering Step 3: Analyze Application Audit Risk Step 4: Develop and Rank Measurable Audit Objectives Step 5: Develop Administrative Plan Step 6: Write Audit Program PART III. ASSESSING GENERAL IT CONTROLS INFORMATION SYSTEMS ADMINISTRATION Strategic Planning Tactical Planning Information Technology Standard Setting PHYSICAL ACCESS SECURITY The Data Center Door Locks Windows Data Center Floor Alarm System Fire Suppression Systems The Detection of and Response to Unauthorized Activity LOGICAL ACCESS SECURITY User Identification End User Log-In Considerations SYSTEMS DEVELOPMENT PROCESS General Objectives Specific Objectives BACKUP AND RECOVERY Approaches to Making Backups Media Utilized to Make Backups Recovery Issues AUDITING THE MAINFRAME Planning the Audit Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization AUDITING THE MIDRANGE COMPUTER Planning the Audit Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization AUDITING THE NETWORK Planning the Audit Performing Fieldwork Procedures Auditing Specific Procedures by Audit Area Audit Finalization PART IV. PERFORMING A COMPLETE EVALUATION PERFORMING A BASIC EVALUATION PERFORMING A COMPLETE EVALUATION General Control Objectives Participants in the Systems Development Life Cycle INITIATION PHASE REVIEW Overview Initiation Phase Deliverables Auditing the Initiation Phase Setting the Scope for the SDLC Audit Customizing the Audit Objectives Detailed Audit Testing Audit Results and Reporting THE REQUIREMENTS DEFINITION PHASE REVIEW Overview Deliverables in the Requirements Definition Phase The Initial Audit Evaluation Adjusting Audit Objectives Detailed Audit Testing Audit Results and Reporting Confirming The Audit Strategy APPLICATION DEVELOPMENT PHASE Programming Phase Overview Programming Phase Deliverables The Initial Audit Assessment Conducting Interviews Setting The Audit Objectives Detailed Audit Testing The Audit Test Audit Results and Reporting Evaluating The Audit Strategy THE EVALUATION AND ACCEPTANCE PHASE Overview Initial Assessment of The Acceptance Phase Gathering and Verifying Information on The Phase Status Setting Objectives for the Audit Evaluation and Acceptance Phase Considerations Detailed Audit Testing Audit Results and Reporting Evaluating Audit Results and Plans PART V ASSESSING IMPLEMENTED SYSTEMS INITIAL REVIEW PROCEDURES Initial Review Procedures Review Existing Audit Files The Planning Meeting AUDIT EVIDENCE Initial Workpapers IDENTIFY APPLICATION RISKS The Meaning of Risk Stand Alone Risk Relative Risk Ensuring Success Identifying Application Risks Overcoming Obstacles to Success Assigning Materiality Computing a Risk Score DEVELOP A DETAILED PLAN Writing Measurable Audit Objectives Verifying the Completeness of Measurable Audit Objectives EVALUATE INTERNAL CONTROLS Document Segregation of Responsibilities Conduct an Internal Control Review Develop Internal Control Diagrams Test Internal Controls Evaluate Internal Control Effectiveness TEST DATA INTEGRITY Conduct a Data File Survey Create Data Test Plan Develop Test Tools Verify File Integrity Evaluate the Correctness of the Test Process Conduct Data Test Review Data Test Results CERTIFY COMPUTER SECURITY Collect Data Conduct Basic Evaluation Conduct Detailed Evaluation Prepare Report of Results ANALYZE AUDIT RESULTS Document Findings Analyze Findings Develop Recommendations Document Recommendations REVIEW AND REPORT AUDIT FINDINGS Create the Audit Report Review Report Reasonableness Review Readability of Report Prepare and Distribute Report REVIEW QUALITY CONTROL Conduct a Quality Control Review Conduct a Quality Assurance Review Improve the Application Audit Process WORKFLOW DIAGRAMMING Creating a Workflow Diagram Recommended Practices for Developing Workflow Diagrams PART VI APPENDICES WORKPAPERS I-3-1 Self Assessment Questionnaire: IT Environment I-3-2 Analysis Summary for I-3-1 I-3-3 Self Assessment Questionnaire: SDLC Methodology I-3-4 Analysis Summary for I-3-3 I-3-5 Self Assessment Questionnaire: Internal Audit Capabilities I-3-6 Analysis Summary for I-3-5 I-3-7 Analysis Summary for I-3-2, I-3-4, and I-3-6 II-5-1 Risk Assessment Model (100-Point System) II-5-2 Risk Assessment Model (Weighted System) II-5-3 Risk Assessment Model (10-Point System) II-5-4 Risk Assessment Model (100-Point Total System) III-1 Generic Questionnaire III-2 Generic Program III-3 Generic Workpaper Set III-7-1 Complete Sample IT Security Policy III-11-1 Standard Business Continuity Planning Audit Program III-13-1 Midrange Questionnaire (AS/400) III-14-1 Network Questionnaire (Novell) A-1 Audit Assignment Interview Checklist A-2 Audit Success Criteria Worksheet A-3 Preliminary Conference Background Information Checklist A-4 Conference Preparation Checklist A-5 Post-Conference Background Information Cheklist A-6 Input Transactions Worksheet A-7 Data File Worksheet A-8 Output Report and User Worksheet A-9 User Satisfaction Questionnaire A-10 Data Flow Diagram A-11 Structural Risk Assessment A-12 Technical Risk Assessment A-13 Size Risk Assessment A-14 Risk Score Summary A-15 Risk Assessment Program A-16 Application Risk Worksheet A-17 Application Risk Worksheet (Blank) A-18 Application Risk Ranking A-19 File or Database Population Analysis A-20 Measurable Application Audit Objectives A-21 EDP Application Audit Plan A-22 Responsibility Conflict Matrix A-23 Data Origination Controls Questionnaire A-24 Data Input Controls Questionnaire A-25 Data Processing Controls Questionnaire A-26 Data Output Controls Questionnaire A-27 Data Flow Control Diagram A-28 Transaction Flow Control Diagram A-29 Responsibility Vulnerability Worksheet A-30 Transaction Vulnerability Worksheet A-31 Application Control Test Plan A-32 Designing the Control Test A-33 Testing Controls A-34 Evaluation of Tested Controls A-35 Computer File Survey A-36 Manual File Survey A-37 Data Audit Objective Test A-38 Test Tool Worksheet A-39 File Integrity Program A-40 File Integrity Proof Sheet A-41 Structural Test Program A-42 Functional Test Program A-43 Data Test Program A-44 Data Test Checklist A-45 Test Results Review A-46 Key Security Planning Questions A-47 Partition of Applications A-48 Security Requirements A-49 Risk Analysis A-50 Document Review Guide A-51 Planning the Interviews A-52 Interview Results A-53 Security Requirements Evaluation A-54 Methodology Review A-55 Detailed Review of Security Safeguards A-56 Security Certification Statement A-57 Detailed Evaluation Report A-58 Audit Finding Documentation A-59 Analysis of Finding A-60 Developing Recommendations A-61 Effective Data Processing Control Practices A-62 Audit Recommendation Worksheet A-63 Report Objectives Worksheet A-64 Audit-Report-Writing Program A-65 Report Reasonableness Checklist A-66 Report Readability Checklist A-67 Exit Conference Program A-68 Report Issuance and Follow-Up Program A-69 Computer Application Audit Quality Control Checklist A-70 Audit Performance Problem Worksheet (Blank) A-71 Audit Performance Problem Worksheet A-72 Audit Process Problem Cause Identification Worksheet A-73 Audit Process Improvement Recommendation Worksheet 2009-11-26T06:30:05Z 2009-11-26T06:30:05Z 1998 Book https://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1304 en application/octet-stream CRC Press |