Auditing Information Systems: A Comprehensive Reference Guide - Hardcover

About the Author

JACK J. CHAMPLAIN, CPA, CISA, CIA, CFSA, is the Information Systems Audit Manager with the Boeing Employee s Credit Union. Of his 22 years in the banking industry, Mr. Champlain has over 15 years of internal auditing experience, including 12 years of information systems auditing. He is a contributor to numerous publications and is a frequent speaker and consultant in the area of information systems auditing. He holds a Masters Degree in Business Administration from Seattle University and a Bachelors Degree in Finance from the University of Washington. Jack was elected to two three-year terms on the national board of directors of the Association of Credit Union Internal Auditors (ACUIA) and is currently the Vice Chair. He is a past president of the Puget Sound Chapter of the Information Systems Audit Control Association (ISACA) and is currently the CISA Coordinator and Chair of the Academic Relations Committee. He is also a member of the American Institute of Certified Public Accountants (AICPA), and the Washington Society of Certified Public Accountants (WSCPA).

From the Back Cover

The tools, guidelines, and procedures that IS auditors need

Auditing Information Systems, Second Edition, explains clearly how to audit the controls and security over all types of information systems environments. The concepts and techniques in the book enable auditors, information security professionals, managers, and audit committee members of every knowledge and skill level to truly understand whether or not their computing systems are safe. The book provides a detailed examination of contemporary auditing issues such as:

• Information systems audit approach (physical, logical, environmental security)
• Security certifications such as SAS 70, TruSecure, SysTrust, and WebTrust
• Computer forensics
• E-Commerce and Internet security (including encryption and cryptography)
• Information privacy laws and regulations
• Information systems project management controls
• New technologies and future risks

Auditing Information Systems, Second Edition gives auditing professionals the tools they need to get their job done right. It is a must-have reference for any auditor s library.

From the Inside Flap

Increasingly, auditors, information security professionals, managers, and audit committees are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many of these stakeholders are unfamiliar with the techniques they can use to efficiently and effectively determine whether information systems are adequately protected. Auditing Information Systems, Second Edition presents an easy, practical guide to auditing information systems that can be applied to all computing environments.

With the Second Edition of this popular resource, auditors will be able to examine an organization s hardware, software, data protection, and processing methods to ensure that adequate controls and security are in place. Little in the way of prerequisite technical know-how is required. Author Jack Champlain begins by explaining the basics of any computer system the central processing unit, operating system, and application system giving every auditor the tools needed to begin an audit. This is followed by a step-by-step approach for conducting information systems audits, detailing specific procedures that auditors can readily apply to their own organizations. The Second Edition devotes special attention to the issues of most concern to information managers today. It provides over 80 case studies that demonstrate how concepts can be applied in real-world situations. Chapter topics include:

• Information systems audit approach (physical, logical, environmental security)
• Security certifications such as SAS 70, TruSecure, CPA SysTrust, and WebTrust
• Computer forensics
• E-commerce and Internet security (including encryption and cryptography)
• Information privacy laws and regulations
• Information systems project management controls
• New technologies and future risks

As networks and enterprise resource planning (ERP) systems bring resources together, and as increasing privacy violations and international political volatility threaten more organizations, information systems integrity becomes more important than ever. Auditing Information Systems, Second Edition empowers auditors, information security professionals, managers, and audit committees to effectively gauge the adequacy and effectiveness of information systems controls.