Filled with exercises, review questions, section summaries, and references for further reading, this updated and revised edition promotes the mastery of the concepts and practical implementation of controls needed to manage information technology resources effectively well into the future. Illustrating the complete IT audit process, the text:
Considers the legal environment and its impact on the IT field—including IT crime issues and protection against fraud
Explains how to determine risk management objectives
Covers IT project management and describes the auditor’s role in the process
Examines advanced topics such as virtual infrastructure security, enterprise resource planning, web application risks and controls, and cloud and mobile computing security
Includes review questions, multiple-choice questions with answers, exercises, and resources for further reading in each chapter
This resource-rich text includes appendices with IT audit cases, professional standards, sample audit programs, bibliography of selected publications for IT auditors, and a glossary. It also considers IT auditor career development and planning and explains how to establish a career development plan. Mapping the requirements for information systems auditor certification, this text is an ideal resource for those preparing for the Certified Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT) exams.
About the Authors
Frederick Gallegos, MBA, has expertise in IT Audit Education, IS Auditing, Security, and Control of Information Systems; Legal Environment of Information Systems; Local Area and Wide Area Network Security and Controls; Computer Ethics; Management Information Systems; Executive Support Systems; and Internet as an Audit Resource. He has more than 35 years of teaching and practical experience in the field, has published four books, and has authored and coauthored more than 200 articles in the aforementioned subjects. He received his BS and MBA from the California State Polytechnic University, Pomona, California. He has a California Community College Instructor Credential. He taught for the Computer Information Systems Department, College of Business at California State Polytechnic University, Pomona, California, part-time from 1976 to 1996 and full-time from 1996 to 2006. After 30 years of teaching, he retired in September 2006 and received the lecturer emeritus status from the university in May 2007. In February 2008, he received the Computer Information Systems (CIS) Lifetime Achievement Award from the CIS Department at Cal Poly, Pomona, California. He continues to maintain contact with, and provide consulting services to, his past undergraduate and graduate students and alumni of the CIS Department’s Information Assurance programs from the California State Polytechnic University, Pomona, California.
Sandra Senft, MSBA-IS Audit, CISA, CIA, is an executive with more than 30 years of combined experience in auditing, financial management, insurance, and information technology (IT). During her career in IT, her responsibilities included finance, process improvement, project management, quality management, service management, sourcing, and vendor management. Sandra developed an extensive understanding of the IT and financial disciplines in her role as the global chief financial officer for Group IT within Zurich Financial Services in Zurich, Switzerland. Prior to that she was the Assistant Vice President for IT Support Services at Farmers Insurance in Los Angeles, CA. She was responsible for the Project Management Office, IT Finance, Quality Assurance, Sourcing and Vendor Management, Service Management, and Asset Management.
Aleksandra Looho Davis, MSBA-IS Audit, CISA, CIA, CPA, has over 15 years of combined experience in auditing, financial management, insurance, and risk management. Currently, she is an IT Audit Principal at a leading insurance company in California. Throughout her career, Aleksandra has spearheaded several Compliance Programs, including SOX 404, and continues to incorporate improvements to ensure sustainability of the programs. She also consults on key company initiatives to help ensure that adequate controls are considered, provides audit and other consulting services, including Enterprise Risk Management (ERM), Business Continuity/Disaster Recovery (BC/DR), and Quality Assessment and Improvement Program (QAIP). Aleksandra also facilitates communication to help increase internal controls awareness and is a liaison to external auditors.
ISBN 9781439893203, July 2012, 776 pp, $89.95