Information Technology Control and Audit, Second Edition

Information Technology Control and Audit, Second Edition is an excellent introductory textbook for IT auditing. It covers a wide range of topics in the field including the audit process, the legal environment of IT auditing, security and privacy, and much more.This textbook first examines the foundation of IT audit and control, discussing what IT auditing involves and the guidance provided by organizations in dealing with control and auditability issues. It then analyzes the process of audit and review, explores IT governance and control, and discusses the CobiT framework and steps that align IT decisions with business strategy. This volume examines project management processes that ensure that projects are controlled from inception through integration.It continues by addressing auditing IT acquisition and implementation, describing risks and controls as related to the life cycle of application systems. It highlights the purchase and installation of new systems, as well as change management. The next section examines the auditing of IT operations in both standalone and global environments, covering types of IT operation, issues related to specific platforms, risk and control assessment, and audit methods and support tools.The textbook concludes with a review of emerging issues, providing undergraduate and graduate students with a thorough overview of a topic critical to organizational security and integrity.