INFORMATION SYSTEMS AUDITING (GREEK)
AUTHOR: John Kyriazoglou
Published by ANUBIS Publications (www.anubis.gr),
Athens, Greece, 2001.
SUMMARY
This book provides a set of techniques for conducting audits of ITC systems, together with a system (a methodology, the conceptual organizational tools, etc.) to be followed in audits for documenting and describing the IT audit areas and the associated control measures that IT auditors assess during the audit process. The book is made up of 3 parts, as outlined next:
Part A: Development & Operation of Information Systems.
Chapter 1: Definition and description of the “Life-cycle development” process of information systems and of the 4 stages of development and operation of computerized systems.
Chapter 2: Description of the steps making up stage 1 (needs analysis) of the “life-cycle development” process.
Chapter 3: Analysis of the steps included in stage 2 (system development) of the “life-cycle development” process.
Chapter 4: Explanatory description of the steps making up stage 3 (system operation) of the “life-cycle development” process.
Chapter 5: Descriptive analysis of the technological and administrative infrastructural aspects, which are termed stage 4 of the “life-cycle development” process.
Chapter 6: Definition of the major responsibilities, duties and activities of an IT department, the work environment within which IT operates and the various EDP operating modes.
Part B: Operation of an IT Audit Department
Chapter 7: Analysis of an IT Audit Methodology (audit risk analysis, audit objectives, sampling, audit products, audit report, audit software, etc.) and a summary description of the IT Audit Areas.
Chapter 8: Description of the job roles and responsibilities of the IT Audit Manager and staff, the audit committee, the audit manual, the audit charter, etc.
Chapter 9: Description of an IT Audit Risk Analysis Methodology.
Part C: EDP/IT Audit Areas
Chapter 10: Description of the “IT Organization and administration” audit area and its components, as well as the major control concepts necessary for an operating IT department and assessed during IT audits and reviews.
Chapter 11: Definition of the constituent elements of the audit area pertaining to “IT Strategy” (balanced scorecard methodology, activities plans, etc.) and the most critical control points that should be reviewed in the process of IT audits (as per international standards).
Chapter 12: Analysis of the most critical concepts and minimum control measures of the audit area “IT Security” (vulnerability analysis, security policy, security procedures).
Chapter 13: Description of the major elements and most critical control concepts of the audit area “Contingency Planning & Disaster Recovery” for IT Systems.
Chapter 14: Analysis and description of the major parts included in the audit area “System Development & Maintenance” and the necessary control points to be examined during the IT audit review process.
Chapter 15: Description of the elements and control points of the audit area “Computer Centre Operations & Services”, which are examined during the IT audit process.
Chapter 16: Analysis and description of the most critical controls to be assessed in the audit area of “Computerized System Operation”, during the audit review process.
Appendices