Preface | p. ix |
About the Author | p. xv |
Acknowledgments | p. xvii |
Management Control | |
Internal Control and Information Technology | p. 3 |
Internal Control Defined | p. 3 |
Internal Control and Service Science | p. 6 |
The Proverbial Long, Hard Look | p. 9 |
Classical and New Internal Controls | p. 13 |
Deficiencies and Conflicts in Internal Control | p. 16 |
Internal Control Is IT's Current Frontier | p. 18 |
The Audit of Advanced IT Operations | p. 20 |
Case Studies on Internal Control's Contribution | p. 25 |
Internal Control and Operational Risk | p. 25 |
Monitoring Functions of Internal Control | p. 29 |
The Critical Role of Experimentation | p. 31 |
Use of Threat Curves in IT | p. 35 |
Design Review as an Internal Control Method | p. 38 |
Internal Control and System Specifications | p. 41 |
The Added Value of Prototyping | p. 43 |
Auditing Functions | p. 47 |
Purpose of Auditing | p. 47 |
Qualification of Auditors and Audit Standards | p. 50 |
Transparency in Financial Reporting | p. 52 |
The Sarbanes-Oxley Act and Its Aftereffects | p. 56 |
The Auditor's Independence of Opinion | p. 60 |
Auditing the Bank's Internal Control: A Case Study | p. 63 |
Audit Reports and Audit Trails | p. 66 |
Internal and External Audit | p. 69 |
Auditing Responsibilities Prescribed by Regulatory Agencies | p. 69 |
Structure and Standards of Internal Audit | p. 72 |
Internal Audit Functions | p. 75 |
Failures in Auditing Internal Control | p. 77 |
Outsourcing Internal Audit | p. 80 |
External Audit Functions | p. 82 |
Unqualified and Qualified Reports by External Auditors | p. 84 |
Challenging the Dominance of the Big Four | p. 88 |
The Board's Accountability for Audit | p. 91 |
Membership of the Board of Directors | p. 91 |
Legal Responsibilities of Board Members and Senior Management | p. 93 |
Committees of the Board | p. 96 |
The Corporate Governance and Nominating Committee | p. 98 |
The Audit Committee | p. 100 |
Situations That Escaped the Audit Committee's Watch | p. 102 |
Cultural Change | p. 105 |
Case Studies on Auditing a Company's Information Technology | |
Auditing the Information Technology Functions | p. 111 |
Snapshots of IT Audits | p. 111 |
Tuning the IT Audit to Regulatory Requirements | p. 114 |
Procedure of an IT Audit | p. 117 |
Why IT Audit Impacts a Firm's Technology | p. 119 |
Auditing Fraud Cases | p. 122 |
Auditing Technology Risk | p. 124 |
Auditing the Overall System Concept | p. 127 |
Testing Existing Auditing Procedures | p. 128 |
Auditing IT's Legal Risk | p. 131 |
Strategic IT Auditing: A Case Study | p. 135 |
Goal of a Strategic Audit | p. 135 |
Strategic Analysis of the Bank's Business | p. 138 |
Snapshot of IT's Status Quo | p. 143 |
What Bank Executives Thought of IT Support They Received | p. 145 |
High Back-Office Costs, Low Marketing Punch, and Treasury Department Woes | p. 148 |
Conversion Problems Created by Legacy IT | p. 150 |
Database Culture and Software Development | p. 153 |
Conclusion: A Lopsided System Design | p. 155 |
A Constructive View: Suggestions for IT Restructuring | p. 157 |
Capitalizing on the Strengths of the Institution | p. 157 |
Opportunities and Problems of Strategic Planning | p. 160 |
A New Technology Strategy | p. 162 |
Bringing High Tech to the CEO and the Professionals | p. 165 |
Improving Internal Control over IT | p. 168 |
Instituting a Risk-Management System | p. 171 |
Return on Investment and the Technology Budget | p. 174 |
Profit Center Organization and Internal Billing | p. 176 |
A Broader Perspective of IT Auditing | p. 181 |
IT Projects That Never Reach Their Goals | p. 181 |
Why Has the Project Not Been Completed? | p. 184 |
The Fall of a State-of-the-Art Project in Transaction Management | p. 188 |
Mismanagement of Client Accounts Revealed by an Audit | p. 191 |
Wrong Approach to Risk Control: Too Much Manual Work | p. 194 |
Auditing the Models for Market-Risk Exposure | p. 198 |
Technical Examples in Auditing IT Functions | |
Auditing IT Response Time and Reliability | p. 203 |
Qualifications for Auditing Specific Technical Issues | p. 203 |
System Response Time | p. 206 |
System Expansion Factor | p. 208 |
User Activity and the Cost of Turnaround Time | p. 210 |
Auditing Interactive Systems | p. 214 |
Auditing System Reliability | p. 217 |
The Investigation of Reasons for Unreliability | p. 219 |
Auditing Operational Readiness | p. 221 |
Auditing the Security System | p. 225 |
Information Security and the IT Auditor | p. 225 |
Auditing Security Management | p. 227 |
Physical Security | p. 230 |
Logical Security | p. 231 |
How Safe Is Network Security? | p. 234 |
Information Security in Cyberspace - The Small Fry | p. 236 |
Information Security in Cyber Warfare - The Big Stuff | p. 239 |
The Auditor's Target in Network Security | p. 241 |
Auditing Software Security | p. 244 |
Can IT Help in Compliance? The Case of SOX | |
Sarbanes-Oxley Compliance and IT's Contribution | p. 251 |
Compliance Defined | p. 251 |
Beyond Compliance with the Sarbanes-Oxley Act | p. 254 |
Both Regulation and Management Watch Should Be Proactive | p. 257 |
SOX Is a Friend of Business, Not a Foe | p. 259 |
The Fear of the Policeman Is Greater than the Fear of IT | p. 262 |
Contribution to Compliance of the Corporate Memory Facility | p. 265 |
The Contribution of Knowledge Engineering | p. 268 |
Why Knowledge Artifacts Are a Major Advance in IT | p. 271 |
What If: Backtesting Sarbanes-Oxley | p. 275 |
The Concept Underpinning Case Studies and What-If Scenarios | p. 275 |
Replaying the Enron Scandal under SOX | p. 277 |
The Worst Continued to Worsen | p. 279 |
Ignorance as a Way of Running a Big Firm | p. 281 |
Modern Financial Alchemy: Prepays | p. 284 |
Credit Insurance, Surety Bonds, and Out-of-Court Settlement | p. 288 |
Sarbanes-Oxley and the WorldCom Scandal | p. 291 |
The Contribution of the Sarbanes-Oxley Act to the American Economy | p. 293 |
Index | p. 297 |
Table of Contents provided by Ingram. All Rights Reserved.