Auditor’s Guide to Information Systems Auditing
Information systems permeate every business and government organization. They are the lifeblood that fuels all fundamental business operations. Auditors therefore must have a detailed knowledge of computers and auditing information systems. The Auditor’s Guide to Information Systems Auditing provides a comprehensive reference manual for all professionals. The first ten chapters of the book cover the information systems audit process including standards, internal control concepts, audit management, evidence and more. The next part of the book is devoted to IT governance issues such as planning and techniques. Other subjects covered include systems lifecycle management, service delivery and support, protecting information assets, business continuity and disaster recovery. The final section covers advanced topics like e-commerce, UNIX/Linux, Windows, and IT fraud. The appendices include 4 audit programs for application systems auditing, logical access control, auditing UNIX /Linux and Windows XP/2000. As a bonus the book includes an educational version of IDEA software, a powerful data analysis tool. The version of IDEA is limited to 10,000 records which should be sufficient for testing in smaller organization. While the inclusion of the software is a definite benefit and incentive for buying the book, there is little, if any guidance on using the software. There is a help file and user guide developed by the vendor on the disk. In the advanced IS auditing section of the book there is a paragraph on computer assisted audit techniques which mentions the inclusion of the IDEA software and a full tutorial on the use of the software in Appendix F. Unfortunately there was no Appendix F in the review copy of the book. This book should still be standard reading for all auditors to increase their knowledge for this important skill set that will be a standard part of the competency framework.
I