Verfügbarkeit: Information technology control and audit

Information technology control and audit:

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Senft, Sandra (VerfasserIn), Gallegos, Frederick (VerfasserIn), Davis, Aleksandra (VerfasserIn)
Format:	Buch
Sprache:	English
Veröffentlicht:	Boca Raton, Fla. [u.a.] CRC Press 2013
Ausgabe:	4. ed.
Schlagworte:	Information technology > Auditing > Handbooks, manuals, etc COMPUTERS / Information Technology COMPUTERS / Security / General Informationstechnik Revision > Wirtschaft
Online-Zugang:	Cover image Inhaltsverzeichnis
Beschreibung:	Includes bibliographical references and index
Beschreibung:	XXXV, 740 S. Ill., graph. Darst.
ISBN:	9781439893203

Internformat

MARC


LEADER	00000nam a2200000zc 4500
001	BV040427894
003	DE-604
005	00000000000000.0
007	t
008	120920s2013 xxuad\|\| \|\|\|\| 00\|\|\| eng d
010			\|a 2012015695
020			\|a 9781439893203 \|c hardback \|9 978-1-4398-9320-3
035			\|a (OCoLC)815925953
035			\|a (DE-599)BVBBV040427894
040			\|a DE-604 \|b ger \|e aacr
041	0		\|a eng
044			\|a xxu \|c US
049			\|a DE-1050
050		0	\|a T58.5
082	0		\|a 658.4/038
084			\|a SR 860 \|0 (DE-625)143367: \|2 rvk
100	1		\|a Senft, Sandra \|e Verfasser \|4 aut
245	1	0	\|a Information technology control and audit \|c Sandra Senft ; Frederick Gallegos ; Aleksandra Davis
250			\|a 4. ed.
264		1	\|a Boca Raton, Fla. [u.a.] \|b CRC Press \|c 2013
300			\|a XXXV, 740 S. \|b Ill., graph. Darst.
336			\|b txt \|2 rdacontent
337			\|b n \|2 rdamedia
338			\|b nc \|2 rdacarrier
500			\|a Includes bibliographical references and index
650		4	\|a Information technology \|x Auditing \|v Handbooks, manuals, etc
650		7	\|a COMPUTERS / Information Technology \|2 bisacsh
650		7	\|a COMPUTERS / Security / General \|2 bisacsh
650	0	7	\|a Informationstechnik \|0 (DE-588)4026926-7 \|2 gnd \|9 rswk-swf
650	0	7	\|a Revision \|g Wirtschaft \|0 (DE-588)4049674-0 \|2 gnd \|9 rswk-swf
689	0	0	\|a Informationstechnik \|0 (DE-588)4026926-7 \|D s
689	0	1	\|a Revision \|g Wirtschaft \|0 (DE-588)4049674-0 \|D s
689	0		\|5 DE-604
700	1		\|a Gallegos, Frederick \|e Verfasser \|4 aut
700	1		\|a Davis, Aleksandra \|e Verfasser \|4 aut
856	4		\|u http://jacketsearch.tandf.co.uk/common/jackets/covers/websmall/978143989/9781439893203.jpg \|3 Cover image
856	4	2	\|m HBZ Datenaustausch \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025280450&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999			\|a oai:aleph.bib-bvb.de:BVB01-025280450

Datensatz im Suchindex

_version_	1804149489471062016
adam_text	Titel: Information technology control and audit Autor: Senft, Sandra Jahr: 2013 Contents Preface..............................................................................................................................xxix Acknowledgments............................................................................................................xxxi Authors...........................................................................................................................xxxiii SECTION I A FOUNDATION FOR IT AUDIT AND CONTROL 1 Information Technology Environment: Why Are Controls and Audit Important?....................................................................................................................3 IT Today and Tomorrow...................................................................................................5 Information Integrity, Reliability, and Validity: Importance in Today s Global Business Environment........................................................................................................6 Control and Audit: A Global Concern...............................................................................7 E-Commerce and Electronic Funds Transfer.....................................................................8 Future of Electronic Payment Systems...............................................................................9 Legal Issues Impacting IT..................................................................................................9 Federal Financial Integrity Legislation..............................................................................10 Federal Security Legislation..............................................................................................11 Computer Fraud and Abuse Act..............................................................................11 Computer Security Act of 1987.............................................................................. 12 Privacy on the Information Superhighway....................................................................... 12 Privacy Legislation and the Federal Government Privacy Act...........................................13 Electronic Communications Privacy Act.................................................................13 Communications Decency Act of 1995...................................................................14 Health Insurance Portability and Accountability Act of 1996.................................14 Security, Privacy, and Audit..............................................................................................14 Conclusion........................................................................................................................15 Review Questions.............................................................................................................17 Multiple-Choice Questions...............................................................................................17 Exercises...........................................................................................................................18 Answers to Multiple-Choice Questions.............................................................................19 Further Reading................................................................................................................19 The Legal Environment and Its Impact on Information Technology.........................21 IT Crime Issues................................................................................................................21 Protection against Computer Fraud.................................................................................24 Computer Fraud and Abuse Act.......................................................................................24 Computer Abuse Amendments Act..................................................................................26 Sarbanes-Oxley Act (Public Law 107-204).............................................................26 Major Points from the Sarbanes-Oxley Act of 2002.....................................27 Criminal Intent.............................................................................................30 Penalties and Requirements under Title VIII of the Act................................30 Penalties and Requirements under Title IX of the Act...................................30 Remedies and Effectiveness...............................................................................................31 Legislation Providing for Civil and Criminal Penalties....................................................32 Computer Security Act of 1987........................................................................................33 Homeland Security Act of 2002......................................................................................34 Privacy on the Information Superhighway........................................................................35 National Strategy for Securing Cyberspace......................................................................36 Methods That Provide for Protection of Information.......................................................37 Web Copyright Law.........................................................................................................38 Privacy Legislation and the Federal Government Privacy Act..........................................38 Electronic Communications Privacy Act................................................................39 Communications Decency Act of 1995..................................................................40 Children s Online Privacy Protection Act...............................................................40 Encrypted Communications Privacy Act of 1996....................................................41 Health Insurance Portability and Accountability Act of 1996.................................41 HIPAA Compliance.......................................................................................41 Risk Assessment and Communications Act of 1997...............................................42 Gramm-Leach-BlileyActofl999.........................................................................42 USA Patriot Act of 2001.........................................................................................42 Internet Governance...............................................................................................42 Conclusion.......................................................................................................................43 Review Questions............................................................................................................44 Multiple-Choice Questions..............................................................................................44 Exercises...........................................................................................................................45 Answers to Multiple-Choice Questions............................................................................46 Further Reading...............................................................................................................46 Other Internet Sites..........................................................................................................47 Audit and Review: Their Role in Information Technology........................................49 The Situation and the Problem.........................................................................................49 Audit Standards................................................................................................................51 Similarities...............................................................................................................51 Differences...............................................................................................................51 Importance of Audit Independence...................................................................................51 Past and Current Accounting and Auditing Pronouncements...........................................52 AICPA Pronouncements: From the Beginning to Now.....................................................52 Other Standards...............................................................................................................55 Financial Auditing...........................................................................................................56 Generally Accepted Accounting Principles.......................................................................56 Generally Accepted Auditing Standards...........................................................................57 IT Auditing: What Is It?...................................................................................................57 Need for IT Audit Function.............................................................................................58 Auditors Have Standards of Practice................................................................................60 Auditors Must Have Independence..................................................................................60 High Ethical Standards....................................................................................................61 Auditor: Knowledge, Skills, and Abilities.........................................................................62 Broadest Experiences.......................................................................................................64 Supplemental Skills..........................................................................................................66 Note.......................................................................................................................66 Trial and Error.................................................................................................................66 Role of the IT Auditor......................................................................................................67 IT Auditor as Counselor.........................................................................................68 IT Auditor as Partner of Senior Management.........................................................68 IT Auditor as Investigator.......................................................................................69 Types of Auditors and Their Duties, Functions, and Responsibilities...............................70 Internal Audit Function..........................................................................................70 External Auditor.....................................................................................................71 Legal Implications...........................................................................................................71 Conclusion.......................................................................................................................72 Review Questions............................................................................................................72 Multiple-Choice Questions..............................................................................................73 Exercises...........................................................................................................................74 Answers to Multiple-Choice Questions............................................................................75 Further Reading...............................................................................................................75 Audit Process in an Information Technology Environment.......................................77 Audit Universe.................................................................................................................77 Risk Assessment...............................................................................................................78 Audit Plan........................................................................................................................79 Developing an Audit Schedule.........................................................................................80 Audit Budget...................................................................................................................80 Budget Coordination...............................................................................................81 Audit Preparation....................................................................................................81 Audit Scope Objectives............................................................................................81 Objective and Context......................................................................................................81 Using the Plan to Identify Problems................................................................................82 Audit Process...................................................................................................................83 Preliminary Review.........................................................................................................84 General Data Gathering..........................................................................................85 Fact Gathering.........................................................................................................85 Preliminary Evaluation of Internal Controls....................................................................86 Design Audit Procedures.................................................................................................86 Types of IT Audits..................................................................................................86 Reviewing Information System Policies, Procedures, and Standards.......................86 IT Audit Support of Financial Audits.....................................................................87 Identifying Financial Application Areas..................................................................87 Auditing Financial Applications.............................................................................87 Management of IT and Enterprise Architecture.....................................................88 Computerized Systems and Applications................................................................88 Information Processing Facilities............................................................................88 Systems Development.............................................................................................89 Client/Server, Telecommunications, Intranets, and Extranets................................89 Fieldwork and Implementing Audit Methodology...........................................................89 Test Controls..........................................................................................................90 Final Evaluation of Internal Controls.....................................................................90 Validation of Work Performed.........................................................................................90 Substantive Testing...........................................................................................................91 Documenting Results.......................................................................................................91 Audit Findings.........................................................................................................91 Analysis..................................................................................................................92 Reexamination........................................................................................................92 Standards.......................................................................................................93 Facts..............................................................................................................93 Verification.............................................................................................................93 Cause......................................................................................................................93 Exposure and Materiality........................................................................................94 Conclusions............................................................................................................95 Recommendations..................................................................................................95 Working Papers......................................................................................................95 Audit Report...........................................................................................................95 Follow-Up of Audit Recommendations...................................................................96 Communication Strategy.................................................................................................98 Conclusion.......................................................................................................................99 Review Questions.......................................................................................................... 100 Multiple-Choice Questions............................................................................................100 Exercises.........................................................................................................................101 Answers to Multiple-Choice Questions...........................................................................101 Further Reading..............................................................................................................102 Auditing IT Using Computer-Assisted Audit Tools and Techniques.......................103 Auditor Productivity Tools..............................................................................................104 Audit Planning and Tracking................................................................................104 Documentation and Presentations.........................................................................104 Communication....................................................................................................105 Data Management.................................................................................................105 Resource Management..........................................................................................106 Groupware.............................................................................................................106 Using Computer-Assisted Audit Tools in the Audit Process............................................106 Items of Audit Interest...........................................................................................108 Audit Mathematics................................................................................................108 Data Analysis.........................................................................................................109 Flowcharting Techniques................................................................................................109 Flowcharting as an Analysis Tool....................................................................................110 Understanding How Computers Process Data.......................................................112 Identifying Documents and Their Flow through the System.................................113 Defining Critical Data...........................................................................................114 Developing Audit Data Flow Diagrams.................................................................114 Evaluating the Quality of System Documentation.................................................114 Assessing Controls over Documents......................................................................115 Determining the Effectiveness of Processing under Computer Programs...............................................................................................................115 Evaluating the Usefulness of Reports.....................................................................115 Appropriateness of Flowcharting Techniques..................................................................115 Sampling...............................................................................................................116 Random Attribute Sampling........................................................................118 Variable Sampling Techniques......................................................................118 System Validation.........................................................................................118 Computer-Assisted Audit Tools and Techniques for Application Reviews.......................119 Generalized Audit Software...................................................................................119 Application Testing................................................................................................119 Designing Tests of Controls...................................................................................119 Data Analysis.........................................................................................................119 Compliance Testing..............................................................................................120 Application Controls............................................................................................120 Spreadsheet Controls....................................................................................121 Database Controls........................................................................................121 Computer-Assisted Audit Tools and Techniques for Operational Reviews..................... 123 Web Analysis Tools........................................................................................................ 127 Web Analysis Software as an Audit Tool........................................................................ 127 Computer Forensics.......................................................................................................128 Conclusion......................................................................................................................129 Review Questions...........................................................................................................129 Multiple-Choice Questions.............................................................................................129 Exercises.........................................................................................................................131 Answers to Multiple-Choice Questions...........................................................................131 Further Reading..............................................................................................................131 Managing IT Audit..................................................................................................133 IT Auditor Career Development and Planning...............................................................133 Establishing a Career Development Plan.......................................................................134 Career Path Planning Needs Management Support...............................................135 Knowledge, Skills, and Abilities............................................................................135 Performance Assessment....................................................................................... 136 Performance Counseling/Feedback........................................................................137 Training.................................................................................................................137 Professional Development......................................................................................138 Evaluating IT Audit Quality...........................................................................................141 Terms of Assessment.......................................................................................................142 IT Audit and Auditor Assessment Form..........................................................................142 Criteria for Assessing the Audit.......................................................................................145 Criteria for Assessing the Auditor....................................................................................145 Applying the Concept.....................................................................................................146 Evaluation of IT Audit Performance...............................................................................146 What Is a Best Practice?..................................................................................................147 Why Is It Important to Learn about Best Practices?..............................................147 Overview of Best Practices in IT Audit Planning..................................................148 Research................................................................................................................148 Benchmarking.......................................................................................................149 Planning Memo.....................................................................................................149 Budget Coordination.............................................................................................150 Risk Analysis.........................................................................................................150 Kick-Off Meeting..................................................................................................152 Staff Mentoring.....................................................................................................153 Coaching...............................................................................................................153 Lunch Meetings.....................................................................................................153 Understanding Requirements................................................................................153 Conclusion......................................................................................................................154 Review Questions...........................................................................................................155 Multiple-Choice Questions.............................................................................................155 Exercises.........................................................................................................................156 Answers to Multiple-Choice Questions...........................................................................157 Further Reading..............................................................................................................157 IT Auditing in the New Millennium........................................................................159 IT Auditing Trends.........................................................................................................160 New Dimension: Information Assurance........................................................................162 IT Audit: The Profession.................................................................................................163 A Common Body of Knowledge.....................................................................................163 Certification...................................................................................................................163 Continuing Education....................................................................................................164 A Code of Ethics and Professional Standards..................................................................164 Educational Curricula.....................................................................................................164 New Trends in Developing IT Auditors and Education..................................................165 Career Opportunities in the Twenty-First Century.........................................................173 Public Accounting..........................................................................................................173 Private Industry..............................................................................................................173 Management Consulting................................................................................................173 Government....................................................................................................................174 Role of the IT Auditor in IT Governance.......................................................................174 IT Auditor as Counselor........................................................................................175 IT Auditor as Partner of Senior Management........................................................175 Educating the Next Generation on IT Audit and Control Opportunities.......................176 Conclusion......................................................................................................................177 Review Questions...........................................................................................................177 Multiple-Choice Questions.............................................................................................178 Exercises.........................................................................................................................179 Answers to Multiple-Choice Questions...........................................................................179 Further Reading..............................................................................................................179 SECTION II AUDITING IT PLANNING AND ORGANIZATION 8 IT Governance..........................................................................................................187 IT Processes....................................................................................................................188 Enterprise Risk Management..........................................................................................189 What Is Enterprise Risk Management?..................................................................190 Organizational Oversight.............................................................................190 Increasing Business Risks.............................................................................190 Regulatory Issues..........................................................................................193 Market Factors.............................................................................................193 Corporate Governance.................................................................................194 Best Practice.................................................................................................194 Future of Enterprise Risk Management.................................................................195 Regulatory Compliance and Internal Controls...............................................................196 Performance Measurement.............................................................................................197 Balanced Scorecard................................................................................................197 Metrics and Management...............................................................................................198 Metric Reporting............................................................................................................198 Independent Assurance...................................................................................................199 Participation in IT Audit Planning.................................................................................199 Control Framework........................................................................................................201 Conclusion.....................................................................................................................202 Review Questions..........................................................................................................202 Multiple-Choice Questions............................................................................................202 Exercises........................................................................................................................204 Answers to Multiple-Choice Questions..........................................................................204 Further Reading.............................................................................................................204 9 Strategy and Standards............................................................................................207 IT Processes...................................................................................................................207 Strategic Planning..........................................................................................................208 IT Steering Committee...................................................................................................210 Communication....................................................................................................210 Operational Planning............................................................................................210 Portfolio Management....................................................................................................211 Demand Management....................................................................................................212 Project Initiation.............................................................................................................212 Technical Review............................................................................................................213 Architecture and Standards.............................................................................................213 Enterprise Architecture..........................................................................................213 Business Architecture.............................................................................................215 Application Architecture........................................................................................215 Information Architecture.......................................................................................216 Infrastructure Architecture....................................................................................216 The Architecture Function.....................................................................................216 Technology Standards...........................................................................................217 Focus on Technology.............................................................................................218 Resistance to Change.............................................................................................218 Barriers to User Adoption......................................................................................218 Conclusion.....................................................................................................................220 Review Questions..........................................................................................................220 Multiple-Choice Questions.............................................................................................221 Exercises........................................................................................................................222 Answers to Multiple-Choice Questions..........................................................................222 Further Reading.............................................................................................................222 10 Risk Management.....................................................................................................225 IT Processes...................................................................................................................225 What Is Risk Management?..................................................................................225 Determination of Objectives.................................................................................226 IT Risk Identification...........................................................................................227 IT Risk Assessment Tools and Techniques............................................................227 IT Risk Evaluation...............................................................................................228 IT Risk Management............................................................................................228 Risk Assessment.............................................................................................................230 Technology Risk Management......................................................................................230 An Example of Standards: Technology Risk Management Regulations....................................................................................................................232 Where Does Technology Risk Management Belong?.....................................................234 IT Insurance Risk...........................................................................................................235 Problems Addressed...............................................................................................235 Insurance Requirements.......................................................................................236 How to Determine IT Insurance Coverage....................................................................237 Reduction and Retention of Risks........................................................................238 Available Guidance........................................................................................................240 U.S. National Institute of Standards and Technology...........................................240 Government Accountability Office........................................................................241 American Institute of Certified Public Accountants..............................................241 Information Systems Audit and Control Association.............................................245 Institute of Internal Auditors.................................................................................245 Committee of Sponsoring Organizations of the Treadway Commission...............246 Conclusion.....................................................................................................................246 Review Questions...........................................................................................................247 Multiple-Choice Questions.............................................................................................247 Exercises........................................................................................................................248 Answers to Multiple-Choice Questions..........................................................................248 Further Reading..............................................................................................................249 11 Process and Quality Management............................................................................251 IT Processes....................................................................................................................252 Organizational Structure.......................................................................................252 Centralized...................................................................................................253 Decentralized...............................................................................................253 Combination of Centralized and Decentralized...........................................253 Shared Services.............................................................................................253 Coordinating Management.........................................................................254 Roles and Responsibilities..............................................................................................254 IT Management Responsibilities..........................................................................254 User Management Responsibilities.......................................................................254 Separation of Duties.......................................................................................................255 Resource Management....................................................................................................255 Managing Quality..........................................................................................................256 Quality Management Standards.....................................................................................256 Capability Maturity Model Integration.................................................................258 Software Engineering Institute..............................................................................259 How Maturity Correlates to Quality..............................................................................259 International Standards Organization 9000 Series...............................................260 ISO Accreditation........................................................................................262 Getting Started: ISO 9001..........................................................................263 Principal Themes of an ISO 9000 Review.............................................................265 IT Process Framework...................................................................................................266 Policies and Procedures.........................................................................................266 Comparing Processes and Procedures...................................................................266 Auditing Policies and Procedures....................................................................................267 Conclusion.....................................................................................................................268 Review Questions..........................................................................................................269 Multiple-Choice Questions............................................................................................269 Exercises.........................................................................................................................270 Answers to Multiple-Choice Questions...........................................................................270 Further Reading..............................................................................................................270 12 Financial Management.............................................................................................273 IT Processes...................................................................................................................273 Financial Management Framework................................................................................273 Investment Approval Process..........................................................................................274 Project Pricing................................................................................................................275 Realizing the Benefits from IT Investments....................................................................276 Financial Planning..........................................................................................................276 Operating Budget.................................................................................................277 Capital Budget......................................................................................................277 Track against Budget............................................................................................278 Identify and Allocate Costs............................................................................................278 Developing a Pricing Model.................................................................................280 Transfer Pricing..............................................................................................................281 Determining Charging Method......................................................................................281 Direct-Charge Method.........................................................................................282 Indirect-Charge Method.......................................................................................282 Allocations under Indirect-Charge Method..........................................................282 Determining Arm s-Length Price..........................................................................282 Cost Contribution Arrangements.........................................................................282 Structure of U.S. Guidance............................................................................................283 Pricing of Services.................................................................................................283 Benefit Test...........................................................................................................283 Integral Services and Nonintegral Services...........................................................283 Determining the Pricing for Integral Services.......................................................284 Determining the Pricing for Nonintegral Services................................................284 Documentation Requirements..............................................................................285 Implementing a Pricing Model.............................................................................285 Maintaining a Pricing Model................................................................................286 Measuring Consumption......................................................................................287 IT Asset Management....................................................................................................287 Benefits of IT Asset Management.........................................................................288 Tools.....................................................................................................................289 Understanding and Managing Costs....................................................................289 Refreshing Technology.........................................................................................290 Standardizing Technology....................................................................................290 Consolidating Infrastructure................................................................................290 Managing Demand and Service Levels..................................................................291 Standardizing Governance and Processes..............................................................291 Conclusion......................................................................................................................291 Review Questions..........................................................................................................292 Multiple-Choice Questions............................................................................................292 Exercises.........................................................................................................................293 Answers to Multiple-Choice Questions...........................................................................293 Further Reading..............................................................................................................293 SECTION III IT ACQUISITION AND IMPLEMENTATION 13 IT Project Management............................................................................................301 IT Processes...................................................................................................................302 Program Management..........................................................................................302 Program Management versus Project Management..............................................303 Project Management.............................................................................................303 Project Management Body of Knowledge......................................................................304 Project Management Framework..........................................................................304 Project Management.............................................................................................305 Resource Management.........................................................................................305 Project Planning...................................................................................................306 Project Tracking and Oversight............................................................................308 Project Management Tools...................................................................................309 Auditor s Role in the Project Management Process.........................................................312 Audit Risk Assessment...........................................................................................313 Audit Plan.............................................................................................................314 Project Management Process Review.....................................................................314 Project Management..............................................................................................314 Communication....................................................................................................315 Control Recommendations....................................................................................315 Example of Project Management Checkpoints and Tools in a Telecom Project...............316 Combating User Resistance to Telecommunications Project Implementation: Involve the User.....................................................................................................316 Project Management Tools: Project Management Software...................................317 Conclusion......................................................................................................................319 Review Questions..........................................................................................................320 Multiple-Choice Questions............................................................................................320 Exercises.........................................................................................................................321 Answers to Multiple-Choice Questions...........................................................................321 Further Reading..............................................................................................................321 14 Software Development and Implementation............................................................323 IT Processes...................................................................................................................323 Approaches to Software Development...........................................................................323 Software Development Process.......................................................................................325 Prototypes and Rapid Application Development............................................................325 End-User Development...................................................................................................325 Traditional Information Software Development............................................................326 Software Development Phases...............................................................................327 Analysis.......................................................................................................328 Design.........................................................................................................328 Construction...............................................................................................328 Testing..........................................................................................................329 System Documentation...............................................................................330 Implementation...........................................................................................330 System Implementation Process......................................................................................331 Implementation Approach.....................................................................................332 System Testing.......................................................................................................332 User Processes and Procedures...............................................................................333 Management Reports and Controls.......................................................................333 Problem Management/Reporting..........................................................................333 User Acceptance Testing.......................................................................................334 Acceptance Team.........................................................................................334 Agreed-Upon Requirements........................................................................334 Management Approval................................................................................334 Help Desk and Production Support Training and Readiness.........................................334 Data Conversion and Data Correction Processes...................................................335 Operational Procedures and Readiness.................................................................336 IT Disaster/Continuity Plans................................................................................336 Security.................................................................................................................337 Auditor s Role in the Development Process.....................................................................338 Risk Assessment.............................................................................................................340 Audit Plan......................................................................................................................340 Software Development Controls Review........................................................................341 Software Development Life Cycle..................................................................................341 Analysis................................................................................................................341 Design..................................................................................................................342 Construction........................................................................................................342 Testing..................................................................................................................342 Documentation....................................................................................................342 Implementation....................................................................................................343 Postimplementation..............................................................................................343 Change Control....................................................................................................343 Application Controls............................................................................................343 Communication...................................................................................................343 Recommendations................................................................................................344 Audit Report.........................................................................................................344 Conclusion......................................................................................................................345 Review Questions...........................................................................................................345 Multiple-Choice Questions............................................................................................346 Exercises........................................................................................................................347 Answers to Multiple-Choice Questions..........................................................................347 Further Reading.............................................................................................................347 15 ITSourcing..............................................................................................................349 IT Processes...................................................................................................................349 Sourcing Strategy...........................................................................................................349 Software Acquisition Process..........................................................................................350 Defining the Information and System Requirements.............................................351 Prototypes and Rapid Application Development............................................................351 Requirements Document................................................................................................352 Identifying Various Alternatives............................................................................352 Off-the-Shelf Solutions...................................................................................................352 Purchased Package..........................................................................................................353 Contracted Development................................................................................................353 Outsourcing a System from Another Organization.........................................................353 Performing a Feasibility Analysis...........................................................................354 Conducting a Risk Analysis...................................................................................354 Defining Ergonomic Requirements.......................................................................355 Carrying out the Selection Process........................................................................355 Request for Information..................................................................................................355 Request for Bid...............................................................................................................355 Request for Proposal.......................................................................................................355 Evaluating Proposals.......................................................................................................356 Procurement and Supplier Management.........................................................................357 Procuring the Selected Software............................................................................358 Other Considerations for Software Contracts and Licenses...................................359 Completing Final Acceptance................................................................................359 IT Contract Issues.........................................................................................................360 Strategic Sourcing and Supplier Management................................................................362 Audit Involvement................................................................................................363 Auditing Software Acquisitions.....................................................................................363 Alignment with the Company s Business and IT Strategy....................................364 Definition of the Information Requirements........................................................364 Prototypes......................................................................................................................364 Feasibility Studies (Cost, Benefits, etc.)................................................................364 Identification of Functionality, Operational, Acceptance, and Maintenance Requirements............................................................................365 Conformity with Existing Information and System Architectures........................366 Adherence to Security and Control Requirements................................................366 Knowledge of Available Solutions.........................................................................366 Understanding of the Related Acquisition and Implementation Methodologies......................................................................................................366 Involvement and Buy-In from the User..................................................................367 Supplier Requirements and Viability.....................................................................367 Audit Involvement................................................................................................368 Other Resources for Help and Assistance......................................................................368 Conclusion.....................................................................................................................369 Review Questions..........................................................................................................369 Multiple-Choice Questions.............................................................................................370 Exercises.........................................................................................................................371 Answers to Multiple-Choice Questions...........................................................................372 Further Reading..............................................................................................................372 16 Application Controls and Maintenance...................................................................375 IT Processes....................................................................................................................375 Application Risks............................................................................................................375 Weak Security........................................................................................................376 Unauthorized Access or Changes to Data or Programs.........................................377 Unauthorized Remote Access...............................................................................377 Inaccurate Information.........................................................................................377 Erroneous or Falsified Data Input..........................................................................378 Misuse by Authorized End Users...........................................................................378 Incomplete Processing...........................................................................................378 Duplicate Transaction Processing..........................................................................378 Untimely Processing..............................................................................................378 Communications System Failure...........................................................................378 Inadequate Testing................................................................................................378 Inadequate Training..............................................................................................379 Inadequate Support...............................................................................................379 Insufficient Documentation...................................................................................379 End-User Computing Application Risks................................................................379 Inefficient Use of Resources...................................................................................381 Incompatible Systems............................................................................................381 Redundant Systems...............................................................................................381 Ineffective Implementations...................................................................................381 Absence of Segregation of Duties..........................................................................382 Incomplete System Analysis..................................................................................382 Unauthorized Access to Data or Programs............................................................382 Copyright Violations............................................................................................382 Destruction of Information by Computer Viruses................................................383 Lack of Back-Up and Recovery Options...............................................................384 Electronic Data Interchange Application Risks..............................................................384 Implications of Risks in an Electronic Data Interchange System...................................................................................................................385 Application Controls......................................................................................................386 Input Controls......................................................................................................386 User Interface.......................................................................................................387 Interfaces..............................................................................................................387 Authenticity..........................................................................................................387 Accuracy...............................................................................................................387 Processing Controls..............................................................................................388 Completeness........................................................................................................388 Error Correction...................................................................................................390 Output Controls...................................................................................................390 Output Reconciliation..........................................................................................390 Output Distribution..............................................................................................391 Record Retention...................................................................................................391 Functional (Quality Assurance) and (User) Acceptance Testing............................391 Management Approval..........................................................................................391 Web-Based Application, Risks, and Controls..................................................................391 Documentation Requirements.......................................................................................394 Application Software Life Cycle.....................................................................................394 Application Maintenance...............................................................................................394 Application Maintenance: Defined.......................................................................394 Corrective Maintenance..................................................................................................395 Adaptive Maintenance....................................................................................................395 Perfective Maintenance...................................................................................................395 Measuring Risk for Application Maintenance......................................................396 Audit Involvement................................................................................................396 Conclusion.....................................................................................................................396 Review Questions..........................................................................................................397 Multiple-Choice Questions............................................................................................397 Exercises........................................................................................................................399 Answers to Multiple-Choice Questions..........................................................................399 Further Reading.............................................................................................................400 17 Change Management................................................................................................401 IT Processes....................................................................................................................401 Change Management......................................................................................................401 Importance of Change Control......................................................................................402 Change Control.............................................................................................................403 Change Management System.........................................................................................403 Change Request Process................................................................................................406 Impact Assessment.........................................................................................................406 Controls over Changes...................................................................................................406 Emergency Change Process............................................................................................407 Revisions to Documentation and Procedures.................................................................407 Authorized Maintenance...............................................................................................407 Software Release Policy..................................................................................................408 Software Distribution Process........................................................................................408 Change Management Tools...........................................................................................409 Change Management Procedures....................................................................................410 Objectives..............................................................................................................410 Scope.....................................................................................................................410 Change Management Boards or Committees........................................................411 Criteria for Approving Changes.............................................................................411 Postimplementation...............................................................................................412 Points of Change Origination and Initiation.........................................................413 Approval Points.....................................................................................................415 Changes to Documentation...................................................................................416 Review Points........................................................................................................416 Configuration Management...........................................................................................416 Organizational Change Management.............................................................................417 Organizational Culture Defined.....................................................................................417 Managing Organizational Change.......................................................................420 Audit Involvement.........................................................................................................420 Conclusion.....................................................................................................................422 Review Questions..........................................................................................................423 Multiple-Choice Questions............................................................................................423 Exercises........................................................................................................................424 Answers to Multiple-Choice Questions..........................................................................425 Further Reading.............................................................................................................425 SECTION IV IT DELIVERY AND SUPPORT 18 Service Management................................................................................................433 IT Processes...................................................................................................................433 Information Technology Infrastructure Library.............................................................433 Implementing IT Service Management...........................................................................435 Review Services and Requirements.................................................................................435 Define IT Services.........................................................................................................436 Service-Level Agreements..............................................................................................436 Types of Service-Level Agreements.......................................................................436 Customer Service-Level Agreement.....................................................................437 Operating-Level Agreement..................................................................................437 Supplier Service-Level Agreements......................................................................438 Service Design and Pricing............................................................................................438 Processes to Engage Services..........................................................................................439 Roles and Responsibilities..............................................................................................440 Relationship Management....................................................................................440 Service Management.............................................................................................440 Financial Management.........................................................................................440 Supplier Management...........................................................................................441 Service Delivery....................................................................................................441 Change Management............................................................................................441 Problem Management...........................................................................................441 Service Desk.........................................................................................................442 Security Administration.......................................................................................442 Customer Roles and Responsibilities....................................................................442 Communication...................................................................................................442 Service Delivery and Monitoring..........................................................................443 Service Measurement............................................................................................443 What to Measure..................................................................................................443 How to Measure...................................................................................................444 Service Management Tools...................................................................................445 Customer Satisfaction Surveys..............................................................................446 Benchmarking......................................................................................................446 Ongoing Service Management.......................................................................................447 Service Management of Third Parties............................................................................447 Evolution of Standards...................................................................................................448 Conclusion.....................................................................................................................449 Review Questions..........................................................................................................449 Multiple-Choice Questions............................................................................................449 Exercises.........................................................................................................................450 Answers to Multiple-Choice Questions...........................................................................451 Further Reading..............................................................................................................451 19 Service Desk and Problem Management..................................................................453 IT Processes....................................................................................................................453 Training..........................................................................................................................454 Service Desk...................................................................................................................455 Support Structures.................................................................................................456 Outsourcing...........................................................................................................456 Knowledge Management.......................................................................................457 Reporting..............................................................................................................457 Tools......................................................................................................................457 Incident and Problem Management................................................................................459 Incident Management............................................................................................459 Problem Management............................................................................................459 Roles and Responsibilities......................................................................................459 Procedures............................................................................................................460 Problem Severity...................................................................................................460 Problem Escalation................................................................................................461 Root Cause Analysis..............................................................................................461 Service Improvement Programs.............................................................................461 Tools......................................................................................................................461 Problem Reporting................................................................................................461 Case Example: Acme Computing Services Business.......................................................462 Purpose.................................................................................................................462 Scope....................................................................................................................462 Objectives.............................................................................................................463 Key Success Factors..............................................................................................463 Conclusion.....................................................................................................................463 Review Questions..........................................................................................................464 Multiple-Choice Questions............................................................................................464 Exercises.........................................................................................................................465 Answers to Multiple-Choice Questions...........................................................................465 Further Reading..............................................................................................................465 20 Security and Service Continuity..............................................................................467 IT Processes...................................................................................................................468 Information Systems Security........................................................................................468 Security Threats and Risks.............................................................................................469 Security Standards..........................................................................................................474 International Organization for Standardization and ISO 27002............................474 National Institute of Standards and Technology....................................................475 Information Security Controls........................................................................................476 Return on Investments (ROI) in Security..............................................................476 Security Architecture............................................................................................477 Information Security Policy..................................................................................477 Roles and Responsibilities.....................................................................................477 Information Owner Responsibilities..............................................................................477 Information Custodian Responsibilities..........................................................................478 User Responsibilities.......................................................................................................478 Third-Party Responsibilities............................................................................................478 Information Classification Designations.........................................................................478 Vulnerability Management....................................................................................479 Threat Management...............................................................................................479 Trust Management...............................................................................................480 Identity Management...........................................................................................480 Security Monitoring..............................................................................................481 Incident Management............................................................................................481 Contingency and Disaster Recovery Planning...............................................................482 Risk Assessment/Priorities....................................................................................483 Planning/Testing/Maintenance............................................................................483 Disaster Recovery Planning Steps.........................................................................483 Written Disaster Recovery Plan.....................................................................................484 Mission Statement for Disaster Recovery Plan...............................................................484 Disaster Recovery Plan Tests and Drill..........................................................................484 Conclusion.....................................................................................................................485 Review Questions..........................................................................................................485 Multiple-Choice Questions............................................................................................486 Exercises........................................................................................................................487 Answers to Multiple-Choice Questions..........................................................................487 Further Reading.............................................................................................................487 21 System Management.................................................................................................491 IT Processes....................................................................................................................492 Systems Software............................................................................................................492 Types and Uses of System Software.......................................................................493 System Software...........................................................................................493 System Utility Software...............................................................................494 Program Library Systems.............................................................................494 File Management Systems...........................................................................494 Security Software........................................................................................494 Data Communications Systems....................................................................495 Database Management System.....................................................................495 Controlling Access to Systems Software......................................................496 Controlling Changes to System Software....................................................496 Systems Maintenance.....................................................................................................496 Database Technology.....................................................................................................497 Hierarchical Data Model......................................................................................497 Network Data Model.............................................................................................498 Relational Data Model..........................................................................................498 Object-Oriented Model.........................................................................................498 Combining Technologies......................................................................................499 Distributed Databases...........................................................................................499 Database Management Systems Recovery......................................................................499 Recovery Process...................................................................................................500 Transaction Properties..........................................................................................500 Causes of Database Management Systems Failure.................................................501 Database Users.....................................................................................................502 Database Administrator........................................................................................502 Applications and Systems Programmers................................................................502 Web Designers and Developers.............................................................................502 End Users.............................................................................................................503 Capacity Management...................................................................................................503 Server Virtualization......................................................................................................504 Conclusion.....................................................................................................................505 Review Questions..........................................................................................................505 Multiple-Choice Questions............................................................................................506 Exercises........................................................................................................................507 Answers to Multiple-Choice Questions..........................................................................507 Further Reading.............................................................................................................507 22 Operations Management..........................................................................................509 IT Processes...................................................................................................................509 Operational Maturity.....................................................................................................510 Operating Policy and Procedures....................................................................................510 Data Files and Program Controls....................................................................................511 Physical Security and Access Controls............................................................................511 Environmental Controls.................................................................................................512 Output Controls.............................................................................................................514 Data Communications Controls.....................................................................................515 Data Center Reviews......................................................... ...........................................516 Software and Data Security Controls..............................................................................517 Physical and Environmental Controls Management.......................................................517 Data Access Management...............................................................................................517 Policy and Procedures Documentation...........................................................................517 Data and Software Backup Management........................................................................518 Other Management Controls..........................................................................................518 End-User Computing.....................................................................................................518 Auditing End-User Computing.............................................................................518 Preliminary Audit Planning...................................................................................519 Defining the Audit Methodology..........................................................................519 Defining the Scope and Content of the Audit........................................................519 Audit Plan.............................................................................................................519 Reviewing End-User Computing Group s Procedures and Objectives..............................................................................................................520 Evaluating End-User Computing Group s Effectiveness by Reviewing Their Documentation............................................................................................520 Audit Testing.........................................................................................................521 Audit Report..........................................................................................................521 Conclusion......................................................................................................................521 Review Questions...........................................................................................................522 Multiple-Choice Questions.............................................................................................522 Exercises.........................................................................................................................524 Answers to Multiple-Choice Questions...........................................................................524 Further Reading..............................................................................................................524 SECTION V ADVANCED TOPICS 23 Virtual Environment................................................................................................527 Virtual Environment......................................................................................................527 Cloud Computing...........................................................................................................529 Deployment Models..............................................................................................529 Service Delivery Models........................................................................................531 Key Benefits of Cloud Computing.........................................................................532 Mobile Computing.........................................................................................................533 Areas of Control and Risk Issues..........................................................................534 IT Operations Issues in Network Installation.................................................................537 Types of WANs...............................................................................................................539 Elements of WANs........................................................................................................540 Access Methods....................................................................................................540 Connective Devices..............................................................................................540 Bridges........................................................................................................540 Routers.........................................................................................................541 Protocols................................................................................................................541 Network Services...................................................................................................541 Frame Relay Network Services....................................................................542 ATM Network Services...............................................................................542 Network Management Systems.............................................................................542 Network Topologies..............................................................................................542 Star Topology..............................................................................................542 Ring Topology.............................................................................................544 Bus Topology...............................................................................................544 Mesh Topology............................................................................................544 Hybrid Topology.........................................................................................544 Tools for Network Monitoring.......................................................................................544 Protocol Analyzers................................................................................................544 WAN Protocol Analyzers.............................................................................545 Network Monitors.................................................................................................545 Network Management Software............................................................................545 General Statistical Tools.......................................................................................546 Hybrids.................................................................................................................546 Internet, Intranet, and Extranet.....................................................................................546 Intranet Definition and Components...................................................................546 Intranet Benefits and Obstacles............................................................................547 Intranet Trends.....................................................................................................548 Conclusion.....................................................................................................................549 Review Questions...........................................................................................................550 Multiple-Choice Questions.............................................................................................551 Exercises.........................................................................................................................552 Answers to Multiple-Choice Questions...........................................................................552 Further Reading..............................................................................................................552 24 Virtual Infrastructure Security and Risks...............................................................555 Information Flows in the Current Marketplace..............................................................555 Interconnected Systems and E-Commerce......................................................................556 Battleground: The Internet.............................................................................................557 Tools...............................................................................................................................558 Scanners................................................................................................................558 Password Crackers.................................................................................................559 Trojan Horse.........................................................................................................560 Sniffers...................................................................................................................561 Destructive Devices...............................................................................................561 E-Mail Bombs and Worms..........................................................................562 Denial-of-Service Attacks............................................................................562 Viruses.........................................................................................................563 Exploiting the TCP/IP Holes.........................................................................................564 IP Spoofing............................................................................................................565 LAN Security Issues: Wired versus Wireless.........................................................566 Physical Security: Site Control and Management........................................566 User Authentication..............................................................................................566 Eavesdropping Countermeasures.................................................................566 Why WLANs Are More Secure....................................................................567 Spread-Spectrum Technology.......................................................................567 Station Authentication..................................................................................567 Physical Security..........................................................................................568 Network Management Control Issues.........................................................568 Recommendation to IT Auditors, Security, and IT Professionals...................................569 Intranet/Extranet Security..............................................................................................570 Technology Tactics Used to Protect Networks.......................................................570 Network Security Products....................................................................................571 Wireless Technology.......................................................................................................573 For Wireless: Key Audit and Security Checkpoints................................................574 IEEE 802.Hi Robust Security Network Standard.................................................574 Identity Theft..................................................................................................................574 Conclusions....................................................................................................................575 Review Questions...........................................................................................................575 Multiple-Choice Questions.............................................................................................576 Exercises........................................................................................................................577 Answers to Multiple-Choice Questions..........................................................................577 Further Reading.............................................................................................................577 Internet References.........................................................................................................578 25 Virtual Application Security and Risks....................................................................581 E-Commerce Application Security as a Strategic and Structural Problem.......................581 Information Security Management Systems...................................................................582 Planning and Control Approach to E-Commerce Security Management......................582 Strategic Aspect....................................................................................................582 Organizational Aspect...........................................................................................583 Technical Aspect....................................................................................................583 Financial Aspect...................................................................................................584 Legal Aspect.........................................................................................................584 Web Application Risks...................................................................................................584 Perceived Risks......................................................................................................585 Internet Security.............................................................................................................585 Security Tools and Technologies............................................................................585 Encryption Technologies..............................................................................585 Security Policies and Procedures..................................................................586 Internet Firewalls.........................................................................................588 Internet Firewall Configurations: Bastion Host....................................................589 Choke Router/Screened Host......................................................................589 Firewalls in a Partitioned Network.......................................................................590 Web Programming Language Risks.......................................................................591 Practical Web Security Solutions...........................................................................591 Backdoor Connection...................................................................................592 Network Firewall..........................................................................................592 Pseudofirewall..............................................................................................592 Case Example: GMA Business Overview and Profile......................................................593 IT Solutions for GMA...........................................................................................594 Major E-Commerce Security Implementation Issues at GMA...............................594 Awareness Assessment...................................................................................594 Implementing Risk Analysis and Controls at GMA....................................596 Cloud Computing Security.............................................................................................597 Mobile Computing Security..........................................................................................600 Conclusion......................................................................................................................601 Review Questions..........................................................................................................602 Multiple-Choice Questions............................................................................................602 Exercises........................................................................................................................603 Answers to Multiple-Choice Questions..........................................................................603 Further Reading.............................................................................................................604 26 Enterprise Resource Planning..................................................................................605 ERP Solutions................................................................................................................605 Benefits of ERP Solutions..............................................................................................605 Key Risks of ERP Solutions...........................................................................................606 Implementing ERP Systems...........................................................................................607 Corporate Culture................................................................................................607 Process Change.....................................................................................................607 Enterprise Communication..................................................................................607 Management Support...........................................................................................608 ERP Project Manager Competence......................................................................608 ERP Team............................................................................................................608 Project Methodology............................................................................................609 Training................................................................................................................609 Institutional Commitment to Change..................................................................609 ERP Data Warehouse....................................................................................................609 Trends in Data Warehousing.................................................................................610 Backup and Recovery of the Data Warehouse.......................................................610 Data Warehouse Integrity Checklist......................................................................611 Example of Security and Controls in SAP ERP.....................................................612 Establishing Security and Controls in SAP ERP...................................................612 Security Features of the Basis Component.............................................................612 Summary of Access Control..................................................................................613 Administrative Controls........................................................................................613 Accountability.......................................................................................................613 Access Control.......................................................................................................614 Confidentiality, Integrity, and Security Management............................................614 EDI and Internet Security.....................................................................................615 Conclusion......................................................................................................................615 Review Questions...........................................................................................................615 Multiple-Choice Questions.............................................................................................616 Exercises.........................................................................................................................617 Answers to Multiple-Choice Questions...........................................................................617 Further Reading..............................................................................................................617 Appendix I: Information Technology Audit Cases............................................................619 Appendix II: Bibliography of Selected Publications for Information Technology Auditors.........................................................................................................627 Appendix III: Professional Standards That Apply to Information Technology (Audit, Security, and Privacy Issues).................................................................................639 Appendix IV: Glossary......................................................................................................651 Appendix V: Sample Audit Programs................................................................................695 Index.................................................................................................................................719
any_adam_object	1
author	Senft, Sandra Gallegos, Frederick Davis, Aleksandra
author_facet	Senft, Sandra Gallegos, Frederick Davis, Aleksandra
author_role	aut aut aut
author_sort	Senft, Sandra
author_variant	s s ss f g fg a d ad
building	Verbundindex
bvnumber	BV040427894
callnumber-first	T - Technology
callnumber-label	T58
callnumber-raw	T58.5
callnumber-search	T58.5
callnumber-sort	T 258.5
callnumber-subject	T - General Technology
classification_rvk	SR 860
ctrlnum	(OCoLC)815925953 (DE-599)BVBBV040427894
dewey-full	658.4/038
dewey-hundreds	600 - Technology (Applied sciences)
dewey-ones	658 - General management
dewey-raw	658.4/038
dewey-search	658.4/038
dewey-sort	3658.4 238
dewey-tens	650 - Management and auxiliary services
discipline	Informatik Wirtschaftswissenschaften
edition	4. ed.
format	Book
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>01949nam a2200481zc 4500</leader><controlfield tag="001">BV040427894</controlfield><controlfield tag="003">DE-604</controlfield><controlfield tag="005">00000000000000.0</controlfield><controlfield tag="007">t</controlfield><controlfield tag="008">120920s2013 xxuad\|\| \|\|\|\| 00\|\|\| eng d</controlfield><datafield tag="010" ind1=" " ind2=" "><subfield code="a">2012015695</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781439893203</subfield><subfield code="c">hardback</subfield><subfield code="9">978-1-4398-9320-3</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)815925953</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(DE-599)BVBBV040427894</subfield></datafield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">DE-604</subfield><subfield code="b">ger</subfield><subfield code="e">aacr</subfield></datafield><datafield tag="041" ind1="0" ind2=" "><subfield code="a">eng</subfield></datafield><datafield tag="044" ind1=" " ind2=" "><subfield code="a">xxu</subfield><subfield code="c">US</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-1050</subfield></datafield><datafield tag="050" ind1=" " ind2="0"><subfield code="a">T58.5</subfield></datafield><datafield tag="082" ind1="0" ind2=" "><subfield code="a">658.4/038</subfield></datafield><datafield tag="084" ind1=" " ind2=" "><subfield code="a">SR 860</subfield><subfield code="0">(DE-625)143367:</subfield><subfield code="2">rvk</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Senft, Sandra</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Information technology control and audit</subfield><subfield code="c">Sandra Senft ; Frederick Gallegos ; Aleksandra Davis</subfield></datafield><datafield tag="250" ind1=" " ind2=" "><subfield code="a">4. ed.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Boca Raton, Fla. [u.a.]</subfield><subfield code="b">CRC Press</subfield><subfield code="c">2013</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">XXXV, 740 S.</subfield><subfield code="b">Ill., graph. Darst.</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="b">n</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="b">nc</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="500" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index</subfield></datafield><datafield tag="650" ind1=" " ind2="4"><subfield code="a">Information technology</subfield><subfield code="x">Auditing</subfield><subfield code="v">Handbooks, manuals, etc</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Information Technology</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS / Security / General</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Informationstechnik</subfield><subfield code="0">(DE-588)4026926-7</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="650" ind1="0" ind2="7"><subfield code="a">Revision</subfield><subfield code="g">Wirtschaft</subfield><subfield code="0">(DE-588)4049674-0</subfield><subfield code="2">gnd</subfield><subfield code="9">rswk-swf</subfield></datafield><datafield tag="689" ind1="0" ind2="0"><subfield code="a">Informationstechnik</subfield><subfield code="0">(DE-588)4026926-7</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2="1"><subfield code="a">Revision</subfield><subfield code="g">Wirtschaft</subfield><subfield code="0">(DE-588)4049674-0</subfield><subfield code="D">s</subfield></datafield><datafield tag="689" ind1="0" ind2=" "><subfield code="5">DE-604</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Gallegos, Frederick</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Davis, Aleksandra</subfield><subfield code="e">Verfasser</subfield><subfield code="4">aut</subfield></datafield><datafield tag="856" ind1="4" ind2=" "><subfield code="u">http://jacketsearch.tandf.co.uk/common/jackets/covers/websmall/978143989/9781439893203.jpg</subfield><subfield code="3">Cover image</subfield></datafield><datafield tag="856" ind1="4" ind2="2"><subfield code="m">HBZ Datenaustausch</subfield><subfield code="q">application/pdf</subfield><subfield code="u">http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025280450&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA</subfield><subfield code="3">Inhaltsverzeichnis</subfield></datafield><datafield tag="999" ind1=" " ind2=" "><subfield code="a">oai:aleph.bib-bvb.de:BVB01-025280450</subfield></datafield></record></collection>
id	DE-604.BV040427894
illustrated	Illustrated
indexdate	2024-07-10T00:23:51Z
institution	BVB
isbn	9781439893203
language	English
lccn	2012015695
oai_aleph_id	oai:aleph.bib-bvb.de:BVB01-025280450
oclc_num	815925953
open_access_boolean
owner	DE-1050
owner_facet	DE-1050
physical	XXXV, 740 S. Ill., graph. Darst.
publishDate	2013
publishDateSearch	2013
publishDateSort	2013
publisher	CRC Press
record_format	marc
spelling	Senft, Sandra Verfasser aut Information technology control and audit Sandra Senft ; Frederick Gallegos ; Aleksandra Davis 4. ed. Boca Raton, Fla. [u.a.] CRC Press 2013 XXXV, 740 S. Ill., graph. Darst. txt rdacontent n rdamedia nc rdacarrier Includes bibliographical references and index Information technology Auditing Handbooks, manuals, etc COMPUTERS / Information Technology bisacsh COMPUTERS / Security / General bisacsh Informationstechnik (DE-588)4026926-7 gnd rswk-swf Revision Wirtschaft (DE-588)4049674-0 gnd rswk-swf Informationstechnik (DE-588)4026926-7 s Revision Wirtschaft (DE-588)4049674-0 s DE-604 Gallegos, Frederick Verfasser aut Davis, Aleksandra Verfasser aut http://jacketsearch.tandf.co.uk/common/jackets/covers/websmall/978143989/9781439893203.jpg Cover image HBZ Datenaustausch application/pdf http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025280450&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA Inhaltsverzeichnis
spellingShingle	Senft, Sandra Gallegos, Frederick Davis, Aleksandra Information technology control and audit Information technology Auditing Handbooks, manuals, etc COMPUTERS / Information Technology bisacsh COMPUTERS / Security / General bisacsh Informationstechnik (DE-588)4026926-7 gnd Revision Wirtschaft (DE-588)4049674-0 gnd
subject_GND	(DE-588)4026926-7 (DE-588)4049674-0
title	Information technology control and audit
title_auth	Information technology control and audit
title_exact_search	Information technology control and audit
title_full	Information technology control and audit Sandra Senft ; Frederick Gallegos ; Aleksandra Davis
title_fullStr	Information technology control and audit Sandra Senft ; Frederick Gallegos ; Aleksandra Davis
title_full_unstemmed	Information technology control and audit Sandra Senft ; Frederick Gallegos ; Aleksandra Davis
title_short	Information technology control and audit
title_sort	information technology control and audit
topic	Information technology Auditing Handbooks, manuals, etc COMPUTERS / Information Technology bisacsh COMPUTERS / Security / General bisacsh Informationstechnik (DE-588)4026926-7 gnd Revision Wirtschaft (DE-588)4049674-0 gnd
topic_facet	Information technology Auditing Handbooks, manuals, etc COMPUTERS / Information Technology COMPUTERS / Security / General Informationstechnik Revision Wirtschaft
url	http://jacketsearch.tandf.co.uk/common/jackets/covers/websmall/978143989/9781439893203.jpg http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=025280450&sequence=000002&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA
work_keys_str_mv	AT senftsandra informationtechnologycontrolandaudit AT gallegosfrederick informationtechnologycontrolandaudit AT davisaleksandra informationtechnologycontrolandaudit

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Fernleihe Bestellen Achtung: Nicht im THWS-Bestand! Inhaltsverzeichnis

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge