IT Auditing and Sarbanes-Oxley Compliance:

Information technology auditing and Sarbanes-Oxley compliance have several overlapping characteristics. They both require ethical accounting practices, focused auditing activities, a functioning system of internal control, and a close watch by the board's audit committee and CEO. Written as a contribution to the accounting and auditing professions as well as to IT practitioners, IT Auditing and Sarbanes-Oxley Compliance:Key Strategies for Business Improvementlinks these two key business strategies and explains how to perform IT auditing in a comprehensive and strategic manner.Â Based on 46 years of experience as a consultant to the boards of major corporations in manufacturing and banking, the author addresses objectives, practices, and business opportunities expected from auditing information systems. Topics discussed include the concept of internal control, auditing functions, internal and external auditors, and the responsibilities of the board of directors.Thebook uses several case studies to illustrate and clarify the material. Its chapters analyze the underlying reasons for failures in IT projects and how they can be avoided, examine critical technical questions concerning information technology, discuss problems related to system reliability and response time, and explore issues of compliance.The book concludes by presenting readers with a 'œwhat if' scenario. If Sarbannes-Oxley legislation had passed the U.S. Congress in the late 1990s or even 2000, how might this have influenced the financial statements of Enron and Worldcom? We can never truly know the answer, but if companies make use of the procedures in this book, debacles such as these ' and those which led to the 2007-2008 credit and banking crisis ' will remain a distant memory.

Preface	p. ix
About the Author	p. xv
Acknowledgments	p. xvii
Management Control
Internal Control and Information Technology	p. 3
Internal Control Defined	p. 3
Internal Control and Service Science	p. 6
The Proverbial Long, Hard Look	p. 9
Classical and New Internal Controls	p. 13
Deficiencies and Conflicts in Internal Control	p. 16
Internal Control Is IT's Current Frontier	p. 18
The Audit of Advanced IT Operations	p. 20
Case Studies on Internal Control's Contribution	p. 25
Internal Control and Operational Risk	p. 25
Monitoring Functions of Internal Control	p. 29
The Critical Role of Experimentation	p. 31
Use of Threat Curves in IT	p. 35
Design Review as an Internal Control Method	p. 38
Internal Control and System Specifications	p. 41
The Added Value of Prototyping	p. 43
Auditing Functions	p. 47
Purpose of Auditing	p. 47
Qualification of Auditors and Audit Standards	p. 50
Transparency in Financial Reporting	p. 52
The Sarbanes-Oxley Act and Its Aftereffects	p. 56
The Auditor's Independence of Opinion	p. 60
Auditing the Bank's Internal Control: A Case Study	p. 63
Audit Reports and Audit Trails	p. 66
Internal and External Audit	p. 69
Auditing Responsibilities Prescribed by Regulatory Agencies	p. 69
Structure and Standards of Internal Audit	p. 72
Internal Audit Functions	p. 75
Failures in Auditing Internal Control	p. 77
Outsourcing Internal Audit	p. 80
External Audit Functions	p. 82
Unqualified and Qualified Reports by External Auditors	p. 84
Challenging the Dominance of the Big Four	p. 88
The Board's Accountability for Audit	p. 91
Membership of the Board of Directors	p. 91
Legal Responsibilities of Board Members and Senior Management	p. 93
Committees of the Board	p. 96
The Corporate Governance and Nominating Committee	p. 98
The Audit Committee	p. 100
Situations That Escaped the Audit Committee's Watch	p. 102
Cultural Change	p. 105
Case Studies on Auditing a Company's Information Technology
Auditing the Information Technology Functions	p. 111
Snapshots of IT Audits	p. 111
Tuning the IT Audit to Regulatory Requirements	p. 114
Procedure of an IT Audit	p. 117
Why IT Audit Impacts a Firm's Technology	p. 119
Auditing Fraud Cases	p. 122
Auditing Technology Risk	p. 124
Auditing the Overall System Concept	p. 127
Testing Existing Auditing Procedures	p. 128
Auditing IT's Legal Risk	p. 131
Strategic IT Auditing: A Case Study	p. 135
Goal of a Strategic Audit	p. 135
Strategic Analysis of the Bank's Business	p. 138
Snapshot of IT's Status Quo	p. 143
What Bank Executives Thought of IT Support They Received	p. 145
High Back-Office Costs, Low Marketing Punch, and Treasury Department Woes	p. 148
Conversion Problems Created by Legacy IT	p. 150
Database Culture and Software Development	p. 153
Conclusion: A Lopsided System Design	p. 155
A Constructive View: Suggestions for IT Restructuring	p. 157
Capitalizing on the Strengths of the Institution	p. 157
Opportunities and Problems of Strategic Planning	p. 160
A New Technology Strategy	p. 162
Bringing High Tech to the CEO and the Professionals	p. 165
Improving Internal Control over IT	p. 168
Instituting a Risk-Management System	p. 171
Return on Investment and the Technology Budget	p. 174
Profit Center Organization and Internal Billing	p. 176
A Broader Perspective of IT Auditing	p. 181
IT Projects That Never Reach Their Goals	p. 181
Why Has the Project Not Been Completed?	p. 184
The Fall of a State-of-the-Art Project in Transaction Management	p. 188
Mismanagement of Client Accounts Revealed by an Audit	p. 191
Wrong Approach to Risk Control: Too Much Manual Work	p. 194
Auditing the Models for Market-Risk Exposure	p. 198
Technical Examples in Auditing it Functions
Auditing IT Response Time and Reliability	p. 203
Qualifications for Auditing Specific Technical Issues	p. 203
System Response Time	p. 206
System Expansion Factor	p. 208
User Activity and the Cost of Turnaround Time	p. 210
Auditing Interactive Systems	p. 214
Auditing System Reliability	p. 217
The Investigation of Reasons for Unreliability	p. 219
Auditing Operational Readiness	p. 221
Auditing the Security System	p. 225
Information Security and the IT Auditor	p. 225
Auditing Security Management	p. 227
Physical Security	p. 230
Logical Security	p. 231
How Safe Is Network Security?	p. 234
Information Security in Cyberspace-The Small Fry	p. 236
Information Security in Cyber Warfare-The Big Stuff	p. 239
The Auditor's Target in Network Security	p. 241
Auditing Software Security	p. 244
Can it Help in Compliance? The Case of Sox
Sarbanes-Oxley Compliance and IT's Contribution	p. 251
Compliance Defined	p. 251
Beyond Compliance with the Sarbanes-Oxley Act	p. 254
Both Regulation and Management Watch Should Be Proactive	p. 257
SOX Is a Friend of Business, Not a Foe	p. 259
The Fear of the Policeman Is Greater than the Fear of IT	p. 262
Contribution to Compliance of the Corporate Memory Facility	p. 265
The Contribution of Knowledge Engineering	p. 268
Why Knowledge Artifacts Are a Major Advance in IT	p. 271
What If: Backtesting Sarbanes-Oxley	p. 275
The Concept Underpinning Case Studies and What-If Scenarios	p. 275
Replaying the Enron Scandal under SOX	p. 277
The Worst Continued to Worsen	p. 279
Ignorance as a Way of Running a Big Firm	p. 281
Modern Financial Alchemy: Prepays	p. 284
Credit Insurance, Surety Bonds, and Out-of-Court Settlement	p. 288
Sarbanes-Oxley and the WorldCom Scandal	p. 291
The Contribution of the Sarbanes-Oxley Act to the American Economy	p. 293
Index	p. 297
Table of Contents provided by Ingram. All Rights Reserved.

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

FREE SHIPPING

Rent More, Save More! Use code: BBRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

IT Auditing and Sarbanes-Oxley Compliance: Key Strategies for Business Improvement

Summary

Table of Contents

Supplemental Materials