The Basics of IT Audit

Book Description

The Basics of IT Audit: Purposes, Processes, and Practical Information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO 27000 series, COBIT, ITIL, Sarbanes-Oxley, and HIPAA.

IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements.

This guide provides you with all the necessary information if you're preparing for an IT audit, participating in an IT audit, or responding to an IT audit.

  • Provides a concise treatment of IT auditing, allowing you to prepare for, participate in, and respond to the results
  • Discusses the pros and cons of doing internal and external IT audits, including the benefits and potential drawbacks of each
  • Covers the basics of complex regulations and standards, such as Sarbanes-Oxley, SEC (public companies), HIPAA, and FFIEC
  • Includes most methods and frameworks, including GAAS, COSO, COBIT, ITIL, ISO (27000), and FISCAM

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Dedication
  6. Acknowledgments
  7. About the Author
  8. About the Technical Editor
  9. Trademarks
  10. Introduction
    1. Abstract
    2. Information in this chapter
    3. Introduction to IT auditing
    4. Purpose and rationale
    5. Structure and content
  11. Chapter 1. IT Audit Fundamentals
    1. Information in this chapter
    2. What is IT auditing?
    3. Why audit?
    4. Who gets audited?
    5. Who does IT auditing?
    6. Relevant source material
    7. Summary
    8. References
  12. Chapter 2. Auditing in Context
    1. Information in this chapter:
    2. IT governance
    3. Risk management
    4. Compliance and certification
    5. Quality management and quality assurance
    6. Information security management
    7. Relevant source material
    8. Summary
    9. References
  13. Chapter 3. Internal Auditing
    1. Information in this chapter:
    2. Internal audit as an organizational capability
    3. Benefits of internal IT auditing
    4. Internal audit challenges
    5. Internal auditors
    6. Relevant source material
    7. Summary
    8. References
  14. Chapter 4. External Auditing
    1. Information in this chapter:
    2. Operational aspects of external audits
    3. External IT audit drivers and rationale
    4. External audit benefits
    5. External audit challenges
    6. External auditors
    7. Relevant source material
    8. Summary
    9. References
  15. Chapter 5. Types of Audits
    1. Information in this chapter:
    2. Financial audits
    3. Operational audits
    4. Certification audits
    5. Compliance audits
    6. IT-specific audits
    7. Relevant source material
    8. Summary
    9. References
  16. Chapter 6. IT Audit Components
    1. Information in this chapter
    2. Establishing the scope of IT audits
    3. Types of controls
    4. Auditing different IT assets
    5. Auditing procedural controls or processes
    6. Relevant source material
    7. References
  17. Chapter 7. IT Audit Drivers
    1. Information in this chapter:
    2. Laws and regulations
    3. Certification standards
    4. Operational effectiveness
    5. Quality assurance and continuous improvement
    6. Relevant source material
    7. Summary
    8. References
  18. Chapter 8. IT Audit Processes
    1. Information in this chapter:
    2. Audit planning
    3. Audit performance
    4. Reporting findings
    5. Process life cycles and methodologies
    6. Relevant source material
    7. Summary
    8. References
  19. Chapter 9. Methodologies and Frameworks
    1. Information in this chapter
    2. Audit-specific methodologies and frameworks
    3. IT governance and management frameworks
    4. Government-focused audit methodologies
    5. Security control assessment frameworks
    6. Relevant source material
    7. Summary
    8. References
  20. Chapter 10. Audit-Related Organizations, Standards, and Certifications
    1. Information in this chapter
    2. National and international perspectives
    3. Audit-focused standards and certification organizations
    4. Organizations offering standards, guidance, or certifications relevant to IT auditing
    5. Relevant source material
    6. Summary
    7. References
  21. References
    1. Abstract
    2. References
  22. Acronyms
    1. Abstract
    2. Acronyms and abbreviations
  23. Index