AuditNet^® Audit-library::Information-technologyinformation-systems-audit-resources

IT Auditing

An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

AuditNet® has joined forces with Richard Cascarino and Associates to bring you a structured learning curriculum for IT audit. The courses are designed to build on skills developed from prior knowledge or training. Auditors can choose between the complete series or pick and choose specific course depending on both needs as well as budgetary financial constraints.

We are making the Webinar recordings available to subscribers. 

Protiviti KnowledgeLeader Internal Audit Community is a web-based internal auditing tool that will help you identify risks, develop best practices and add value to your organization. We give you internal audit tools, checklists, and templates as well as news and updates on the latest business risks and controls.

CobIT which are the Control Objectives for Information Technology from ISACA are online. The Executive Summary, the framework and the Control Objectives are available for download in Adobe Acrobat (pdf) format.

COBIT Listserv (COBIT-List) created to facilitate discussion about COBIT among members, ISACA has created a COBIT listserv. By exchanging knowledge through the listserv, subscribers are sure to find answers to their questions and advice for improving implementation procedures. Subscribe to the COBIT listserv by sending an email message to join-COBIT-L@share.isaca.org SUBJECT: (leave blank) BODY OF MESSAGE: (leave blank). You will receive an acknowledgment and instructions on how to unsubscribe by email.

Central Indiana Chapter ISACA created a list for information systems auditors called CISACA-L. The list is meant to encourage professional discussion and is open to all information system auditors. To subscribe send an email to majordomo@purdue.edu with SUBJECT: (leave blank)
BODY OF MESSAGE: SUBSCRIBE CISACA-L

Global Technology Audit Guides The IIA produced a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives.

• NEW GTAG! Assessing Cybersecurity Risk: Roles of the Three Lines of Defense	September 2016​
  ​NEW GTAG! Auditing Smart Devices: An Internal Auditor's Guide to Understanding and Auditing Smart Devices	August 2016​
  GTAG 17: Auditing IT Governance​	July 2012​
  GTAG 16: Data Analysis Technologies	August 2011
  GTAG 15: Information Security Governance	June 2010​​​
  GTAG 14: Auditing User-developed Applications​	June 2010​
  GTAG 13: Fraud Prevention and Detection in an Automated World	December 2009​​
  GTAG 12: Auditing IT Projects	March 2009​​
  GTAG 11: Developing the IT Audit Plan	January 2009​​
  GTAG 10: Business Continuity Management	January 2009​​
  GTAG 9: Identity and Access Management	January 2009​​
  GTAG 8: Auditing Application Controls	January 2009​​
  GTAG 7: Information Technology Outsourcing, 2nd Edition	June 2012
  GTAG 6: Managing and Auditing IT Vulnerabilities PLEASE NOTE: GTAG 6 has been deleted from the IPPF. Some of its concepts are combined with the 2nd edition of GTAG 4.	DELETED January 2013
  GTAG 5: Managing and Auditing Privacy Risks PLEASE NOTE: GTAG 5 has been replaced by the Auditing Privacy Risks, 2nd Edition Practice Guide.	REPLACED July 2012
  GTAG 4: Management of IT Auditing, 2nd Edition	January 2013
  GTAG 3: Continuous Auditing: Coordinating Continuous Auditing and Monitoring to Provide Continuous Assurance, 2nd Edition	March 2015
  GTAG 2: Change and Patch Management Controls: Critical for Organizational Success, 2nd Edition	March 2012​​
  GTAG 1: Information Technology Risk and Controls, 2nd Edition	March 2012

IS Audit and Security Review Kits includes ready-to-use IS/IT audit program and security review kits. The kits contain a statement of purpose, scope, review steps, and/or a set of questions organized to lead you through the audit or review. This is an excellent site for jumpstarting an IS security review or audit.

IS Audit and Assurance Standards -procedures for Information Systems Auditing from ISACA

Information Systems Auditing: Tools and Techniques

IT Standards, Guidelines, and Tools and Techniques for Audit and Assurance and Control Professionals  - from ISACA

IT & Information Governance Resources  - T2P bridges the gaps between IT governance and practice, technology and business, regulation and control, risk management and market pressures, and the knowledge of you and your peers.