Core Concepts of Information Technology Auditing [Paperback]

James E. Hunton (Author), Stephanie M. Bryant (Author), Nancy A. Bagranoff (Author)

Book Description

Publication Date: July 21, 2003 | ISBN-10: 0471222933 | ISBN-13: 978-0471222934

Offering concise, readable coverage of information technology auditing, this new book helps readers understand the impact of information and communication technologies on organizations and accountants, and shows how to apply IT-auditing techniques using computer-assisted auditing tools. The book also explores security issues, legal and ethical issues, and more.
* Describes the use of computer assisted audit techniques and computer fraud auditing
* Explains IT audit in the context of the CobiT(r) framework.
* Accompanied by a CD with ACL software, and an appendix contains an audit case requiring its usage. There is also and appendix of IT audit terminology and definitions.

Editorial Reviews

From the Back Cover

A CONCISE, HOW-TO APPROACH TO IT AUDITING

Whether you’re a student or professional in the areas of information technology (IT) auditing, financial statement auditing, accounting, or management information systems, this book provides a solid foundation for understanding a wide array of key internal control issues that lie at the intersection of IT, accounting, and auditing.

Concise coverage of all the basic of IT auditing.

Although this book focuses on core concepts of IT auditing, the breadth and depth of coverage allows you to focus on those topics you need to meet your objectives. Instructors can use it as a stand-alone text in an IT auditing class or as a supplement to a Principles of Auditing or Advanced Auditing course.

Core concepts presented in the context of the CobiT^® framework.

The authors draw heavily from IT auditing practice and from CobiT^®, the Information Systems Audit and Control Association’s integrated framework for control in an IT environment.

A strong emphasis on managing information technology risks.

Core Concepts of Information Technology Auditing takes a risk approach to IT auditing, and covers in detail the risks associated with information systems deployment, operations, networks and telecommunications, and e-business.

Insight into recent developments in the field.

The book incorporates current rules and regulations, such as The Sarbanes-Oxley Act, Statement of Auditing Standards 94, and Statement of Auditing Standards 99, and provides insight on how they are affecting the profession.

Complete with hands-on software.

A CD featuring a student version of ACL software accompanies the text. The text also includes a comprehensive ACL case, which is both an exercise in using ACL and problem solving, ACL data files are available on the book’s web site.

About the Author

James E. Hunton earned his B.B.A. degree in accounting from West Texas State University. He received his M.B.A. degree in management from River College in Nashua, New Hampshire, and earned his Ph.D. in business administration (majoring in accounting and information systems) from the University of Texas at Arlington. Professor Hunton is also a certified public accountant (Texas).

Stephanie M. Bryant, Ph.D., CPA, is an associate professor of Accounting at the University of South Florida, where she holds the position of Advisory Council Professor of Accounting. She previously taught at James Madison University, in Harrisonburg, Virginia, where she served as the director of the Accounting Information Systems Program. She earned both her B.S. in accounting and Ph.D. in accounting (concentration in information systems) at Louisiana State University. Dr. Bryant teaches graduate and undergraduate classes in consulting, accounting information systems, and information systems audit, and previously worked for KPMG Peat Marwick.

Nancy A. Bagranoff received her A.A. degree from Briarcliff College, B.S. degree from the Ohio State University, and M.S. degree in accounting from Syracuse University. Her D.B.A. degree was conferred by the George Washington University in 1986 (accounting major and information systems minor). From 1973 to 1976, she was employed by General Electric in Syracuse, New York, where she completed the company’s Financial Management Training Program. Dr. Bagranoff is a certified public accountant, licensed in the District of Columbia, since 1982. She taught at American University for many years and served as the chair of the Department of Accounting from 1995 to 1998.

 

Product Details

• Paperback: 304 pages
• Publisher: Wiley (July 21, 2003)
• Language: English
• ISBN-10: 0471222933
• ISBN-13: 978-0471222934
• Product Dimensions: 7 x 0.4 x 9.9 inches
• Shipping Weight: 1 pounds (View shipping rates and policies)
• Average Customer Review: 2.8 out of 5 stars  See all reviews (6 customer reviews)
• Amazon Best Sellers Rank: #557,095 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

16 of 17 people found the following review helpful:

5.0 out of 5 stars Apt title - excellent intro, July 13, 2004

By 

Mike Tarrani "www.tarrani.com" (Deltona, FL USA) - See all my reviews
(COMMUNITY FORUM 04)    (REAL NAME)   

This review is from: Core Concepts of Information Technology Auditing (Paperback)

Although this is a college-level text, it can be effectively used by newly minted IT auditors to quickly learn the key knowledge and skill factors needed to function within their roles.

I like and highly recommend this book because of the emphasis on CObIT (Control Objectives for IT), which is the basis for auditing per the IT Governance Institute, which is, in turn under the aegis of Information Systems Audit and Control Association.

As stated by a previous reviewer, this book is wide in scope. The first three chapters cover the basics in clear prose and sufficient detail to give both students and on-the-job new practitioners all of the information needed to orient themselves in the role of an IT auditor. The emphasis on risk management in different domains is another strong point. The chapters covering risks associated with network and telecommunications, e-business systems, and system deployments are both technically accurate and portray realistic scenarios. Chapters 9 (Conducting the IT Audit), and 10 (Fraud and Forensic Auditing) round out the topic areas, leaving no gaps in the knowledge required to be an IT auditor.

The accompanying CD ROM has a software application to be used in conjunction with Appendix B case study. I did not work the case study, nor did I thoroughly exercise the application, so will refrain from making judgments about the usability or value of the application. The case study, though, was well put together and realistic, making it an ideal adjunct for class exercises, as well as working practicing auditors through real world scenarios.

For those new to IT Auditing in general and CObIT in particular I recommend visiting the following two sites: IT Governance Institute, ASIN B0001F8V14, and Information Systems Audit and Control Association, ASIN B00006BW74. You can paste the ASIN numbers in the Search box, select All Products and click the GO button to reach these sites. Once there you can explore additional material that will augment this book, as well as copies of CObIT, and an 84-page document titled 'IT Control Objectives for Sarbanes-Oxley', which is one of the hottest contemporary topics in IT auditing.

13 of 14 people found the following review helpful:

4.0 out of 5 stars Up to date, encompassing textbook on IT auditing, May 4, 2004

By 

E. Danielyan - See all my reviews
(REAL NAME)   

This review is from: Core Concepts of Information Technology Auditing (Paperback)

This is an up to date and good textbook on IT auditing. It begins with an overview of IT audit, legal and ethical issues, risks and controls and ends with a chapter on fraud and forensic accounting. What makes this book especially suited for classroom or self-study is the inclusion of discussion questions, exercises, notes and recommended reading lists at the end of every chapter.

The authors cover a wide field but on the same time manage to touch upon all important topics. COBIT, ISACA standards and guidelines are heavily used and referenced throughout the book, providing a good link between study and practice and perhaps making the book one of the preparation resources for the Certified Information Systems Auditor (CISA) examination. The book also includes a CD with ACL software and a sample auditing engagement, which may be useful in some cases, although it does cover only a fraction of knowledge presented in the book.

Overall, this book indeed teaches the core concepts of IT/IS auditing. This book exists in two identical versions: one is for the North American market, another is for all other countries, although the coverage is mostly limited to US and Canadian regulations and practices.

7 of 8 people found the following review helpful:

2.0 out of 5 stars It mainly about Security Risk issues, September 17, 2004

By 

Bill Schlitzkus (Riverwoods, IL) - See all my reviews
(REAL NAME)   

This review is from: Core Concepts of Information Technology Auditing (Paperback)

As an example, in the chapter on IT Risks and Controls, the only discussion of data integrity is buried in a few lines in a section entitled Security Risk. The examples in the book are mainly about Security issues. Take the subject of data integrity on file transfers. I believe the only mention of the subject outside of Security concerns is a Figure on the OSI Model (Transport layer alone won't detect if a mixture of old and new files are erroneously transfered to downstreams). There is no mention of detection/recovery of skipping/double-posting transactions, error thresholds, data base consistency on no-posts, restart/retry logic, checking for count and amount mismatches, balancing using checkpoints, etc. An auditor I believe should be aware of these types of issues concerning data integrity even in a core concept book.