IT Auditing and Sarbanes-Oxley Compliance

Information technology auditing and Sarbanes-Oxley compliance have several overlapping characteristics. They both require ethical accounting practices, focused auditing activities, a functioning system of internal control, and a close watch by the board’s audit committee and CEO. Written as a contri...

Bibliographic details
Main author: Chorafas, Dimitris
Format: Book
Language: English
Published: CRC Press 2009
Online access: http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1680
Holding library: Thư viện Trường Đại học Đà Lạt (Dalat University Library)
id oai:scholar.dlu.edu.vn:DLU123456789-1680
record_format dspace
institution Thư viện Trường Đại học Đà Lạt
collection Thư viện số
language English
description Information technology auditing and Sarbanes-Oxley compliance have several overlapping characteristics. They both require ethical accounting practices, focused auditing activities, a functioning system of internal control, and a close watch by the board’s audit committee and CEO. Written as a contribution to the accounting and auditing professions as well as to IT practitioners, IT Auditing and Sarbanes-Oxley Compliance: Key Strategies for Business Improvement links these two key business strategies and explains how to perform IT auditing in a comprehensive and strategic manner. Based on 46 years of experience as a consultant to the boards of major corporations in manufacturing and banking, the author addresses objectives, practices, and business opportunities expected from auditing information systems. Topics discussed include the concept of internal control, auditing functions, internal and external auditors, and the responsibilities of the board of directors. The book uses several case studies to illustrate and clarify the material. Its chapters analyze the underlying reasons for failures in IT projects and how they can be avoided, examine critical technical questions concerning information technology, discuss problems related to system reliability and response time, and explore issues of compliance. The book concludes by presenting readers with a "what if" scenario. If Sarbanes-Oxley legislation had passed the U.S. Congress in the late 1990s or even 2000, how might this have influenced the financial statements of Enron and WorldCom? We can never truly know the answer, but if companies make use of the procedures in this book, debacles such as these – and those which led to the 2007-2008 credit and banking crisis – will remain a distant memory.
format Book
author Chorafas, Dimitris
spellingShingle Chorafas, Dimitris
IT Auditing and Sarbanes-Oxley Compliance
author_facet Chorafas, Dimitris
author_sort Chorafas, Dimitris
title IT Auditing and Sarbanes-Oxley Compliance
title_short IT Auditing and Sarbanes-Oxley Compliance
title_full IT Auditing and Sarbanes-Oxley Compliance
title_fullStr IT Auditing and Sarbanes-Oxley Compliance
title_full_unstemmed IT Auditing and Sarbanes-Oxley Compliance
title_sort it auditing and sarbanes-oxley compliance
publisher CRC Press
publishDate 2009
url http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1680
_version_ 1757676852909965312
spelling oai:scholar.dlu.edu.vn:DLU123456789-1680 2009-12-04T03:12:47Z IT Auditing and Sarbanes-Oxley Compliance Chorafas, Dimitris

I. MANAGEMENT CONTROL Internal Control and Information Technology Internal Control Defined Internal Control and Service Science The Proverbial Long, Hard Look Classical and New Internal Controls Deficiencies and Conflicts in Internal Control Internal Control is IT’s Current Frontier The Audit of Advanced IT Operations Case Studies on Internal Control’s Contribution Internal Control and Operational Risk Monitoring Functions of Internal Control The Critical Role of Experimentation Use of Threat Curves in IT Design Review as an Internal Control Method Internal Control and System Specifications The Added Value of Prototyping Auditing Functions Purpose of Auditing Qualification of Auditors and Audit Standards Transparency in Financial Reporting The Sarbanes-Oxley Act and Its Aftereffects The Auditor’s Independence of Opinion Auditing the Bank’s Internal Control: A Case Study Audit Reports and Audit Trails Internal and External Audit Auditing Responsibilities Prescribed by Regulatory Agencies Structure and Standards of Internal Audit Internal Audit Functions Failures in Auditing Internal Control Outsourcing Internal Audit External Audit Functions Unqualified and Qualified Reports by External Auditors Challenging the Dominance of the Big Four The Board’s Accountability for Audit Membership of the Board of Directors Legal Responsibilities of Board Members and Senior Management Committees of the Board The Corporate Governance and Nominating Committee The Audit Committee Situations That Escaped the Audit Committee’s Watch Cultural Change

II. CASE STUDIES ON AUDITING A COMPANY’S INFORMATION TECHNOLOGY Auditing the Information Technology Functions Snapshots of IT Audits Tuning the IT Audit to Regulatory Requirements Procedure of an IT Audit Why IT Audit Impacts a Firm’s Technology Auditing Fraud Cases Auditing Technology Risk Auditing the Overall System Concept Testing Existing Auditing Procedures Auditing IT’s Legal Risk Strategic I.T. Auditing: A Case Study Goal of a Strategic Audit Strategic Analysis of the Bank’s Business Snapshot of IT’s Status Quo What Bank Executives Thought of IT Support They Received High Back-Office Costs, Low Marketing Punch, and Treasury Department Woes Conversion Problems Created by Legacy IT Database Culture and Software Development Conclusion: A Lopsided System Design A Constructive View – Suggestions for IT Restructuring Capitalizing on the Strengths of the Institution Opportunities and Problems of Strategic Planning A New Technology Strategy Bringing High Tech to the CEO and the Professionals Improving Internal Control Over IT Instituting a Risk Management System Return on Investment and the Technology Budget Profit Center Organization and Internal Billing A Broader Perspective of IT Auditing IT Projects That Never Reach Their Goals Why Has the Project Not Been Completed? The Fall of a State-of-the-Art Project in Transaction Management Mismanagement of Client Accounts Revealed by an Audit Wrong Approach to Risk Control: Too Much Manual Work Auditing the Models for Market-Risk Exposure

III. TECHNICAL EXAMPLES IN AUDITING IT FUNCTIONS Auditing IT Response Time and Reliability Qualifications for Auditing Specific Technical Issues System Response Time System Expansion Factor User Activity and the Cost of Turnaround Time Auditing Interactive Systems Auditing System Reliability The Investigation of Reasons for Unreliability Auditing Operational Readiness Auditing the Security System Information Security and the IT Auditor Auditing Security Management Physical Security Logical Security How Safe Is Network Security? Information Security in Cyberspace – The Small Fry Information Security in Cyberspace – The Big Stuff The Auditor’s Targets in Network Security Auditing Software Security

IV. CAN IT HELP IN COMPLIANCE? THE CASE OF SOX Sarbanes-Oxley Compliance and IT’s Contribution Compliance Defined Beyond Compliance with the Sarbanes-Oxley Act Both Regulation and Management Watch Should be Proactive SOX Is a Friend of Business, Not a Foe The Fear of the Policeman is Greater Than the Fear of IT Contribution to Compliance of the Corporate Memory Facility The Contribution of Knowledge Engineering Why Knowledge Artifacts Are Major Advance in IT What If: Backtesting Sarbanes-Oxley The Concept Underpinning Case Studies and What If Scenarios Replaying the Enron Scandal under SOX The Worse Continued to Worsen Ignorance as a Way of Running a Big Firm Modern Financial Alchemy: Prepays Credit Insurance, Surety Bonds and Out-of-Court Settlement Sarbanes-Oxley and the WorldCom Scandal The Contribution of the Sarbanes-Oxley Act to the American Economy

IV. INDEX

2009-12-04T03:12:47Z 2009-12-04T03:12:47Z 2008 Book http://scholar.dlu.edu.vn/thuvienso/handle/DLU123456789/1680 en application/rar CRC Press