auditing - ISACA [PDF]

AUDITING

Featuring CISA® Exam Prep

ISACA BOOKSTORE isaca.org/bookstore

CISA® Exam Prep Materials BESTSELLING PRODUCT

ISACA® (isaca.org) helps global professionals lead, adapt and assure trust in an evolving digital world by offering innovative and world-class knowledge, standards, networking, credentialing and career development. Established in 1969, ISACA is a global nonprofit association of 140,000 professionals in 180 countries. ISACA also offers the Cybersecurity Nexus™ (CSX), a holistic cybersecurity resource, and COBIT®, a business framework to govern enterprise technology.

CISA® Review Questions, Answers & Explanations Database—12-Month Subscription

CISA® Review Questions, Answers & Explanations Database—6-Month Extension

The CISA® Review Questions, Answers & Explanations Database is a comprehensive 1,000-question pool of items that combines the questions from the CISA® Review Questions, Answers & Explanations Manual, 11th Edition. The database has been revised according to the recently updated 2016 CISA Job Practice.

The CISA® Questions, Answers & Explanations Database— 6-Month Extension should be purchased only as an extension to the CISA® Practice Question Database— 12-Month Subscription. The database is available via the web, allowing CISA candidates to log in at home, at work or anywhere they have Internet connectivity.

The database is available via the web, allowing CISA Candidates to log in at home, at work or anywhere they have Internet connectivity. This database is MAC and Windows compatible.

After purchase, you can access this course by visiting your MyISACA page and clicking CISA Question Database Button.

Exam candidates can take sample exams with randomly selected questions and view the results by job practice domain, allowing for concentrated study in particular areas. Additionally, questions generated during a study session are sorted based on previous scoring history, allowing CISA candidates to identify their strengths and weaknesses and focus their study efforts accordingly.

2016

CISA

Review Questions, Answers & Explanations Database

Member: US $45.00 Non-member: US $65.00 Product Code: XMXCA15-EXT180

Other features provide the ability to select sample exams by specific job practice domain, view questions that were previously answered incorrectly and vary the length of study sessions, giving candidates the ability to customize their study approach to fit their needs. After purchase, you can access this course by visiting your MyISACA page and clicking CISA Question Database Button. 2016

CISA

Review Questions, Answers & Explanations Database

Member: US $185.00 Non-member: US $225.00 Product Code: XMXCA15-12M The CISA® Review Questions, Answers & Explanations Database is also available on CD-Rom in Spanish.

Contact the ISACA Bookstore E-mail: [email protected] Tel: +1.847.660.5650 Fax: +1.847.253.1443 Order online at isaca.org/bookstore

®

CISA Exam Prep Materials CISA® Review Questions, Answers & Explanations Manual, 11th Edition

CISA® Review Manual, 26th Edition The CISA® Review Manual, 26th Edition is a comprehensive reference guide designed to help individuals prepare for the CISA exam and understand the roles and responsibilities of an information systems (IS) auditor. The manual has been revised according to the 2016 CISA Job Practice and represents the most current, comprehensive, peer-reviewed IS audit, assurance, security and control resource available.

Designed to familiarize candidates with the question types and topics featured in the CISA exam, the CISA® Review Questions, Answers & Explanations Manual, 11th Edition consists of 1,000 multiple-choice study questions that have previously appeared in the CISA® Review Questions, Answers & Explanations Manual 2015 and the CISA® Review Questions, Answers & Explanations Manual 2015 Supplement. The manual has been updated according to the newly revised 2016 Job Practice.

The 26th edition is organized to assist candidates in understanding essential concepts and studying the following job practice areas: The Process of Auditing Information Systems; Governance and Management of IT; Information Systems Acquisition, Development and Implementation; Information Systems Operations, Maintenance and Service Management; Protection of Information Assets

Many questions have been revised or completely rewritten to be more representative of the CISA exam question format and/or to provide further clarity or explanation of the correct answer. These questions are not actual exam items but are intended to provide CISA candidates with an understanding of the type and structure of questions and content that have previously appeared on the exam. This publication is ideal to use in conjunction with the:

The CISA® Review Manual, 26th Edition features an easy-to-navigate format. Each of the five chapters has been divided into two sections for focused study. Section one of each chapter contains:

• CISA Review Manual, 26th Edition ®

• Definitions and objectives for the five areas, as well as the corresponding tasks performed by IS auditors and knowledge statements (required to plan, manage and perform IS audits) that are tested on the exam

• CISA® Review Questions, Answers & Explanations Database – 12 Month Subscription To assist candidates in maximizing study efforts, questions are presented in the following two ways:

• A map of the relationship of each task to the knowledge statements

• Sorted by job practice area—Questions, answers and explanations are sorted by the CISA job practice areas. This allows the CISA candidate to refer to questions that focus on a particular area as well as to evaluate comprehension of the topics covered within each practice area.

• A reference guide for the knowledge statements, including the relevant concepts and explanations

• Self-assessment questions and explanations of the answers Section two of each chapter consists of reference material and content that supports the knowledge statements. The material enhances CISA candidates’ knowledge and/or understanding when preparing for the CISA certification exam. In addition, the CISA® Review Manual, 26th Edition includes brief chapter summaries focused on the main topics and case studies to assist candidates in understanding current practices. Also included are definitions of terms most commonly found on the exam.

26 Edition th

CISA

3701 Algonquin Road | Suite 1010 Rolling Meadows, IL 60008 | USA P: +1.847.253.1545 F: +1.847.253.1443 E: [email protected] isaca.org

Review Questions, Answers & Explanations Manual

Available in: Chinese Simplified, Italian, Japanese, and Spanish

11th Edition

Order online at isaca.org/bookstore

CISA Review Manual — 26th Edition

CISA Review Questions, Answers & Explanations Manual

th

CISA

Suite 1010 8 | USA

The manual also serves as an effective desk reference for IS auditors.

Review Manual

11 Edition

— URMILLA PERSAD, CISA, CISM, CRISC IT AUDIT MANAGER, FIRST CITIZENS TRINIDAD & TOBAGO PORT OF SPAIN, TRINIDAD & TOBAGO ISACA MEMBER SINCE 2004

Becoming ISACA-certified doesn’t just say you’re well read or well connected. It announces that you have the expertise and insight to speak with authority. The credibility that it adds lets you create value for your enterprise. Your ISACA certifications are more than just credentials, they are platforms that can elevate your career.

• References to specific content in section two for each knowledge statement

• Scrambled as a sample 150-question exam—150 of the 1,000 questions included in the manual are selected to represent a full-length CISA exam, with questions chosen in the same percentages as the current CISA job practice areas. Candidates are urged to use this sample test to simulate an actual exam and to determine their strengths and weaknesses in order to identify areas that require further study. Answer sheets and an answer/reference key for the sample exam are also included. All sample test questions have been cross-referenced to the questions sorted by practice area, making it convenient for the user to refer back to the explanations of the correct answers. Member: US $100.00 Non-member: US $130.00 Product Code: QAE11ED

“ISACA CERTIFICATIONS SHOW YOU’RE QUALIFIED. EMPLOYERS CAN INSTANTLY SEE YOU AS AN ASSET.”

Member: US $105.00 Non-member: US $135.00 Product Code: CRM26ED Available in: Chinese Simplified, French, Italian, Japanese, and Spanish

CERTIFICATION EXAMS ARE HELD IN JUNE / SEPTEMBER / DECEMBER. To learn more or register for an upcoming exam go to: www.isaca.org/certifications

Audit Resources Auditing Cloud Computing: A Security and Privacy Guide

A New Auditor’s Guide to Planning, Performing and Presenting IT Audits

Information Technology Control and Audit, Fourth Edition

Auditor’s Guide to IT Auditing and Software Demo, Second Edition

by Ben Halpert

by Nelson Gibbs, Divakar Jain, Amitesh Joshi, Surekha Muddamsetti, Sarabjot Singh

by Sandra Senft and Frederick Gallegos

by Richard E. Cascarino

The new edition of a bestseller, Information Technology Control and Audit, Fourth Edition provides a comprehensive and up-to-date overview of IT governance, controls, auditing applications, systems development, and operations. Aligned to, and supporting the Control Objectives for Information and Related Technology (COBIT), it examines emerging trends and defines recent advances in technology that impact IT controls and audits—including cloud computing, web-based applications, and server virtualization.

Many Auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor’s Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.

Many organizations are reporting or projecting a significant cost savings through the use of cloud computing-utilizing shared computing resources to provide ubiquitous access for organizations and end users. Just as many organizations, however, are expressing concern with security and privacy issues for their organization’s data in the “cloud.” Auditing Cloud Computing provides necessary guidance to build a proper audit to ensure operational integrity and customer data protection, among other aspects, are addressed for cloud based resources. Member: US $65.00 Non-member: US $75.00 Product Code: 107ACC

Information technology is a highly dynamic, rapidly changing environment. IT auditors are expected to stay current with the latest tools, technologies and trends, and may need to do additional research to prepare for specific audits. This book is designed to help aspiring and active internal auditors take a step back and understand the general process and activities involved in conducting an audit around technology. Member: US $70.00 Non-member: US $80.00 Product Code: 1IIA

Member: US $90.00 Non-member: US $100.00 Product Code: 4CRC4

• Follows the approach used by the Information System Audit and Control Association’s model curriculum, making this book a practical guide for IS auditing • Serves as an excellent study aid for those preparing for the CISA and CISM exams • Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, COBIT, outsourcing, network management and the Cloud. Member: US $95.00 Non-member: US $105.00 Product Code: 53WAG2

IT Auditing and Application Controls for Small and Mid-Sized Enterprise: Revenue, Expenditure, Inventory, Payroll, and More by Jason Woods, William Brown, Harry Howe If you’re a financial auditor needing working knowledge of IT and application controls, IT Auditing and Application Controls for Small and Mid-Sized Enterprise provides the information you need. Conceptual overviews of key IT auditing issues are included, as well as concrete hands-on tips and techniques. Inside, you’ll find background and guidance with appropriate reference to material published by ISACA, AICPA, organized to show the increasing complexity of systems, starting with general principles and progressing through greater levels of functionality. Member: US $70.00 Non-member: US $80.00 Product Code: 111WIT

Order online at isaca.org/bookstore

Securing Cloud and Mobility: A Practitioner’s Guide by Ian Lin, E.Coleen Coolidge, Paul Hourani Although virtualization is a widely accepted technology, there are few books dedicated to virtualization and security. Securing Cloud and Mobility: A Practitioner’s Guide fills this need by explaining how to secure the multifaceted layers of private and public cloud deployments as well as mobility infrastructures. With comprehensive coverage that includes network, server, and endpoint security, it provides a strategic view of the security implications of virtualization and cloud computing. Member: US $80.00 Non-member: US $90.00 Product Code: 58CRC

Security Strategies in Windows Platform and Applications, Second Edition by Michael G. Solomon More than ninety percent of individuals, students, educators, businesses, organizations, and governments use Microsoft Windows, which has experienced frequent attacks against its well-publicized vulnerabilities. Revised and updated to keep pace with this ever-changing field, Security Strategies in Windows Platform and Applications, Second Edition focuses on new risks, threats, and points of weakness associated with the Microsoft Windows operating system. Particular emphasis is placed on Windows XP, Vista, and 7 on the desktop, and Windows Server 2003 and 2008 versions. This book instructs on how to use tools and techniques to decrease risks arising from vulnerabilities in Microsoft Windows operating systems and applications. Member: US $102.00 Non-member: US $112.00 Product Code: 3JBSS2

Order online at isaca.org/bookstore

Audit Resources Fraud Auditing and Forensic Accounting, Fourth Edition

Auditing and Assurance Services: Understanding the Integrated Audit

Interpretation and Application of International Standards on Auditing

Security, Audit and Control Features Oracle® Database, 3rd Edition

by Tommie W. Singleton, Aaron J. Singleton

by Karen L. Hooks

by Steven Collings

*Look for the release of the 4th edition in late 2015

With the responsibility of detecting and preventing fraud falling heavily on the accounting profession, every accountant needs to recognize fraud and learn the tools and strategies necessary to catch it in time. Providing valuable information to those responsible for dealing with prevention and discovery of financial deception, Fraud Auditing and Forensic Accounting, Fourth Edition helps accountants develop an investigative eye toward both internal and external fraud and how to cope with fraud when it has occurred.

This publication discusses the auditing profession’s requirement to focus on the integrated audit in the wake of the Sarbanes-Oxley Act. It also outlines the impact of the Public Company Accounting and Oversight Board (PCAOB) on the auditing of public companies.

In recent years, auditing has undergone significant changes, due in large part to well-publicized corporate disasters such as Enron and Parmalat, which have shaken the profession. In response, many countries have replaced preexisting domestic standards with International Standards on Auditing (ISAs) in an attempt to ensure that auditors throughout the world apply the same level of work during all audit assignments, and that audit quality remains consistent on a global basis. Use this book as ready-resource for navigating the global standards.

Protecting information assets is challenging for every enterprise, regardless of size and industry, and it has become an even more complex task for enterprises adopting distributed computing environments. Security, Audit and Control Features Oracle Database, 3rd Edition provides a new perspective of security and controls over Oracle. This updated edition includes a background and review of security controls and addresses the risks associated with protecting information in a distributed computing environment of various platforms, versions, interfaces and tools.

Member: US $237.00 Non-member: US $247.00 Product Code: 93WAAS

Member: US $80.00 Non-member: US $90.00 Product Code: 88WFA

Member: US $110.00 Non-member: US $120.00 Product Code: 95WISA

Member: US $40.00 Non-member: US $55.00 Product Code: ODB9

Security, Audit and Control Features Oracle® E-Business Suite, 3rd Edition *Look for the release of the 4th edition in late 2015

by ISACA Deloitte Touche Tohmatsu Research Team

IT Audit, Control, and Security by Robert Moeller When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure. As the only source for information on the combined areas of computer audit, control and security, the book describes the types of internal controls, security and integrity procedures that management must build into its automated systems. This timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats. Member: US $90.00 Non-member: US $100.00 Product Code: 90WACS

Order online at isaca.org/bookstore

This updated edition of one of ISACA’s most popular guides reflects the many changes that the business environment and the Oracle ERP application have undergone since the second edition was published. In response to customer needs and an increased market awareness of governance, risk and compliance (GRC), Oracle Corp. has continued to boost its GRC offerings and released the updated and improved Oracle E-Business Suite R12.1 (EBS) in 2009. This in-demand guide also provides an update on current industry standards and identifies future trends in Oracle EBS risk and control. It enables audit, assurance, risk and security professionals (IT and non-IT) to evaluate risks and controls in existing ERP implementations, and facilitates the design and implementation of better practice controls into system upgrades and enhancements. Member: US $60.00 Non-member: US $75.00 Product Code: 1SOA3

Controls and Assurance in the Cloud: Using COBIT® 5 This information can assist enterprises in assessing the potential value of cloud investments to determine whether the risk is within the acceptable level. It provides a list of publications and resources that can help determine if cloud computing is the appropriate solution for the data and processes being considered. Print Member: US $35.00 Non-member: US $60.00 Product Code: CB5CA eBook Free member download Non-member: US $60.00 Product Code: WCB5CA

Order online at isaca.org/bookstore

Audit Resources Security, Audit and Control Features Oracle PeopleSoft, 3rd Edition by ISACA, Deloitte Touche, Tohmatsu Research Team Between the covers of this book, readers will find the details needed to confidently plan and execute a detailed review of risk and controls in a PeopleSoft environment. A lot has changed in terms of new product features, new releases and various regulatory compliance requirements for enterprises since the second edition of this guide was published in 2005. This third edition aims to ensure that the audit programs, risk and controls are functional and relevant with current research for Oracle PeopleSoft HRMS release 9.1. In addition, chapter 12, New Directions for PeopleSoft and ERP Audit, discusses the changing compliance landscape, tools to assist with compliance and Oracle Fusion, and the pathway for PeopleSoft installations.

COBIT® 5 for Assurance Building on the COBIT 5 framework, this guide focuses on assurance and provides more detailed and practical guidance for assurance professionals and other interested parties at all levels of the enterprise on how to use COBIT 5 to support a variety of IT assurance activities. Print Member: US $35.00 Non-member: US $80.00 Product Code: CB5A eBook Free member download Non-member: US $80.00 Product Code: WCB5A

Member: US $65.00 Non-member: US $80.00 Product Code: ISPS3

“THIS IS THE INFORMATION AGE. ISACA KEEPS ME MORE INFORMED.” — OPEYEMI ONIFADE, CISA, CISM, CGEIT PRACTICE LEADER, AFENOID ENTERPRISE, LTD ABUJA, NIGERIA ISACA MEMBER SINCE 2010

Connect with a global community of more than 140,000 innovators, leaders and passionate professionals in IS and IT. Leverage standards, best practices and expert insights into the rapidly evolving IT landscape. Be more informed, inspired, skilled and successful every day of your career.

LIKE BOOKS?

Pinpoint your next job opportunity with ISACA’s CareerLaser ISACA’s CareerLaser newsletter offers monthly updates on the latest jobs, top-of-mind industry news, events and employment trends to help you navigate a successful career the information systems industry. Let CareerLaser become your top resource for quality jobs matched specifically to your talents in audit,

Consider the real value of an ISACA membership. Over 575 FREE e-Book downloads available for ISACA members, including: • IT Control Objectives for Sarbanes-Oxley Web Download

assurance, security, governance, risk management and more.

• Controls & Assurance in the Cloud: Using COBIT® 5

Subscribe today by visiting www.isaca.org/careerlaser



And hundreds MORE!

Need CPEs? For less than $200 annually*, membership also offers over 70 FREE CPE hours each year—Well more than the required 40 annual hours needed to maintain your certification at an unbeatable price. *Contingent on regional chapter dues. More than 90% of all ISACA memberships are under $200.

Visit the ISACA Career Centre at www.isaca.org/careercentre to find additional career tools, including access to top job candidates.

Networking | Standards | Insights | Member Savings | Free CPEs | COBIT ® 5 Order online at isaca.org/bookstore

3701 Algonquin Road, Suite 1010 Rolling Meadows, IL 60008 USA

Contact the ISACA Bookstore E-mail: [email protected] Tel: +1.847.660.5650 Fax: +1.847.253.1443