Information Technology Control and Audit, Fourth Edition

Front Cover
CRC Press, 2012 M07 18 - 776 pages

The new edition of a bestseller, Information Technology Control and Audit, Fourth Edition provides a comprehensive and up-to-date overview of IT governance, controls, auditing applications, systems development, and operations. Aligned to and supporting the Control Objectives for Information and Related Technology (COBIT), it examines emerging trends and defines recent advances in technology that impact IT controls and audits—including cloud computing, web-based applications, and server virtualization.

Filled with exercises, review questions, section summaries, and references for further reading, this updated and revised edition promotes the mastery of the concepts and practical implementation of controls needed to manage information technology resources effectively well into the future. Illustrating the complete IT audit process, the text:

  • Considers the legal environment and its impact on the IT field—including IT crime issues and protection against fraud
  • Explains how to determine risk management objectives
  • Covers IT project management and describes the auditor’s role in the process
  • Examines advanced topics such as virtual infrastructure security, enterprise resource planning, web application risks and controls, and cloud and mobile computing security
  • Includes review questions, multiple-choice questions with answers, exercises, and resources for further reading in each chapter

This resource-rich text includes appendices with IT audit cases, professional standards, sample audit programs, bibliography of selected publications for IT auditors, and a glossary. It also considers IT auditor career development and planning and explains how to establish a career development plan. Mapping the requirements for information systems auditor certification, this text is an ideal resource for those preparing for the Certified Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT) exams.

Instructor's guide and PowerPoint® slides available upon qualified course adoption.


What people are saying - Write a review

We haven't found any reviews in the usual places.

Other editions - View all

Common terms and phrases

About the author (2012)

Frederick Gallegos, MBA, has expertise in IT Audit Education, IS Auditing, Security, and Control of Information Systems; Legal Environment of Information Systems; Local Area and Wide Area Network Security and Controls; Computer Ethics, Management Information Systems, Executive Support Systems, Internet as an Audit Resource. He has more than 35 years of teaching and practical experience in the field, published four books, and authored and coauthored more than 200 articles in the aforementioned subjects. He received his BS and MBA from the California State Polytechnic University, Pomona, California. He has a California Community College Instructor Credential. He taught for the Computer Information Systems Department, College of Business at California State Polytechnic University, Pomona, California, from 1976 to 1996 (part-time) and full-time from 1996 to 2006. After 30 years of teaching, he retired in September 2006 and received the lecturer emeritus status from the university in May 2007. In February 2008, he received the Computer Information Systems (CIS) Lifetime Achievement Award from the CIS Department at Cal Poly, Pomona, California. He continues to maintain contact and provides consulting services with his past undergraduate and graduate students and alumni of the CIS Department’s Information Assurance programs from the California State Polytechnic University, Pomona, California.

Before teaching full-time at Cal Poly (1996–2006), Gallegos worked for GAO—Los Angeles Regional Office (1972–1996) and advanced within GAO to serve as manager, Management and Evaluator Support Group. He managed staff involved in Office Automation, Computer Audit Support, Computer Audit, Training, Human Resource Planning and Staffing, Technical Information Retrieval and Security/Facilities Management. He retired from GAO in 1996 with 26 years of federal and military service. He is a recipient of several service awards from GAO, EDP Audit, Control, and Security Newsletter (EDPACS), and ISACA that recognized his past contributions to the field and his efforts in the establishment of formal universities courses at his alma mater in IS Auditing, Control and Security at the undergraduate level in 1979 with the implementation of Association to Advance Collegiate Schools of Business (AACSB) accredited graduate-level Master of Science in Business Administration Degree program in IS Auditing since 1980. (The AACSB was founded in 1916 to accredit schools of business worldwide.) Gallegos has spoken widely on topics related to the IS Audit, Control, and Security field.

Sandra Senft, MSBA-IS Audit, CISA, CIA, is an executive with more than 30 years of combined experience in auditing, financial management, insurance, and information technology (IT). During her career in IT, her responsibilities included finance, process improvement, project management, quality management, service management, sourcing, and vendor management.Sandra developed an extensive understanding of the IT and financial disciplines in her role as the global chief financial officer for Group IT within Zurich Financial Services in Zurich, Switzerland. Prior to that she was the Assistant Vice President for IT Support Services at Farmers Insurance in Los Angeles, CA. She was responsible for the Project Management Office, IT Finance, Quality Assurance, Sourcing and Vendor Management, Service Management, and Asset Management.

During her career as an IS auditor and IS audit manager, she specialized in auditing systems development projects as well as general control audits of mainframe and distributed systems, information security, disaster recovery, and quality assurance. She was also responsible for defining and developing the audit risk methodology, audit methodology, automated audit workflow system, and training audit staff. She was a faculty member of California State Polytechnic University, Pomona, California, from 1997 to 2000, where she taught undergraduate and graduate courses in IT and IS auditing. She has also presented IS auditing topics at seminars, conferences, and CISA review courses specializing in systems development auditing. She has authored and coauthored several articles on IT controls and audit for Auerbach Publications.

Sandra graduated from California State Polytechnic University, Pomona, California, with a Master of Science in business administration option in IS auditing and a Bachelor of Science in accounting. She is a non-practicing Certified Information Systems Auditor (CISA) and Certified Internal Auditor (CIA). She served as president, treasurer, director of research and academic relations, and spring conference chair for the Los Angeles Chapter of ISACA.

Aleksandra Looho Davis, MSBA-IS Audit, CISA, CIA, CPA, has over 15 years of combined experience in auditing, financial management, insurance, and risk management. Currently, she is an IT Audit Principal at a leading insurance company in California. Throughout her career, Aleksandra has spearheaded several Compliance Programs, including SOX 404, and continues to incorporate improvements to ensure sustainability of the programs. She also consults on key company initiatives to help ensure that adequate controls are considered, provides audit and other consulting services, including Enterprise Risk Management (ERM), Business Continuity/Disaster Recovery (BC/DR), and Quality Assessment and Improvement Program (QAIP). Aleksandra also facilitates communication to help increase internal controls awareness and is a liaison to external auditors.

Aleksandra graduated from California State Polytechnic University, Pomona, California, with a Master of Science in Business Administration option in IS Auditing. As a former past president of the Los Angeles Chapter of ISACA, Aleksandra has been an active chapter volunteer and supporter since she was in her graduate program. Her graduate paper on IS Audit Training Needs was awarded first prize at the ISACA LA Best Paper Contest. It was later published in the Issues in Information Systems, and accepted for presentation and publication at the International Association for Computer Information Systems (IACIS) Conference where it was selected by IACIS for the Best Research Paper Award. Aleksandra is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), and Certified Public Accountant (CPA).

Bibliographic information