1;Preface;6 2;Table of Contents;9 3;1 IT Auditing: An Overview and Approach;13 3.1;1.1 Evolution in Managements' Perceptions;13 3.2;1.2 Evolution in Information Processing Capabilities;14 3.3;1.3 Exposure to Loss;15 3.4;1.4 Objectives of IT Auditing;17 3.5;1.5 Internal Controls and IT Audit;17 3.6;1.6 Growth and Genesis of IT Auditing;19 3.7;1.7 IT Audit Approach;21 3.8;1.8 Steps in an IT Audit;24 3.9;1.9 Audit Decisions;27 4;2 Auditing and Complex Business Information Systems;32 4.1;2.1 Complex Integrated Accounting Systems;33 4.2;2.2 Distributed Data and its Effects on Organisations;35 4.3;2.3 Productivity Aspect of the Technology;43 4.4;2.4 Business Process Re-engineering;44 4.5;2.5 Intelligent Systems;45 4.6;2.6 Auditors and Changing Technology;47 4.7;2.7 Strategic Use of Technology and Audit Implications;48 4.8;2.8 Internal Controls and Auditing;51 5;3 Generation-X Technologies and IT Auditing;55 5.1;3.1 Generation-X Enterprise Technologies;56 5.2;3.2 Information Systems Integration: A Challenge;58 5.3;3.3 Assured Information Emanates from Assured Systems;61 5.4;3.4 Information Assurance: A Function of Strategic Importance;63 5.5;3.5 Various Information Assurance and Control Measures;66 5.6;3.6 Control Objectives and System Assurance;68 6;4 Complex Information Systems, Auditing Standards and IT Auditors;73 6.1;4.1 The Approach and Objectives;73 6.2;4.2 Impact of Technology Complexity on the Auditor;75 7;5 ERP and Information Integration Issues: Perspective for Auditors;85 7.1;5.1 What is Enterprise Resource Planning?;87 7.2;5.2 Implementation Cycle;89 7.3;5.3 Conceptual Models;90 7.4;5.4 Types of Implementation;92 7.5;5.6 Resistance in Social Integration;94 7.6;5.7 Process Integration;94 7.7;5.8 Auditor and ERP;102 8;6 Technology, Auditing and Cyber-Commerce;105 8.1;6.1 Technology and Auditing;106 8.2;6.2 Risk Understanding in e-Commerce for IT Auditor;109 8.3;6.3 Information at Risk;111 8.4;6.4 Controls and Audit Evidences;115 9;7 IT Auditing and Security of Information Systems;117 9.1;7.1 Information Security;118 9.2;7.2 Security Controls;120 9.3;7.3 Security Evaluation and Certification Criteria;122 9.4;7.4 Future Trends;133 9.5;7.5 Exemplary Case Laws Related to Security Needs and Breaches in USA;134 9.6;7.6 Kind of Audits Called Security Audits;155 9.7;7.7 How Can Security Audit Help the Enterprises?;158 10;8 Information Technology Governance and COBIT ®;160 10.1;8.1 Why Do we Need IT Governance?;161 10.2;8.2 Introduction to COBIT ®;162 11;9 Database Management Systems and Auditing;166 11.1;9.1 Concepts of Database Technology for Auditors;166 11.2;9.2 Operational Systems Compared to Informational Systems;187 12;10 EAI: Auditors Should Know Potential Risks to Enterprise;190 12.1;10.1 The Promise of EAI;193 12.2;10.2 Improvement in Productivity;193 12.3;10.3 EAI Reaches Beyond Your Borders;194 13;Bibliography and Further References;198 14;Glossary of IT Auditing Terms;218