Bøker i Internal Audit and IT Audit-serien

While the Institute of Internal Auditors (IIA) has provided standards and guidelines for the practice of internal audit through the International Professional Practice Framework (IPPF), internal auditors and Chief Audit Executives (CAEs) continue to experience difficulties when attempting to balance the requirements of the IPPF with management expectations. The true challenge for any internal auditor is to appropriately apply the Standards while exerting adequate independence and objectivity in the face of management pressure. In Leading the Internal Audit Function, Lynn Fountain presents lessons learned from her extensive experience as an internal auditor, internal audit manager, and CAE to help internal auditors understand the challenges, issues, and potential alternative solutions when executing the role. The book identifies more than 50 challenges for auditors and discusses potential alternative actions the auditor can take when they experience a similar challenge. The book explains how to: Build a value-oriented function that abides by the standards and supports the objectives and goals of the organization. Execute the many aspects of the internal audit, including assurance and consulting work. Build a risk-based audit process. Develop and sustain the internal audit team. Develop and manage relationships with management and the audit committee. Manage internal audit's role in corporate governance, compliance, and fraud. Leading the Internal Audit Function includes real-life examples, scenarios, and lessons learned from internal auditors and CAEs to emphasize the importance of carefully managing all aspects of the internal audit. The author summarizes her many lessons learned into ten "commandments" for both CAEs and internal auditors. By following the guidelines in this book, you should be well-equipped to gain management support, perform effective and ethical audits, and uphold IIA Standards.

This book introduces, defines, and discusses two core factors of IoT Systems implementation success: Return On Investment (ROI) and impacts to a city's cyber risk profile. It combines practical action items for practitioners as well as a basis for language and communication for ongoing strategy, planning, and operational needs.

This book compares and contrasts the approach to project management using ISO 21500 against the more direct ISO 33000 Capability Assessment. It shows how to assess projects adequately for process improvement or how well an organization performs against a standard, measurable framework.

This book illustrates the importance of business impact analysis, which covers risk assessment, and moves towards better understanding of the business environment, industry specific compliance, legal and regulatory landscape and the need for business continuity.

This book addresses the practice of internal auditing using GAAS (Generally Accepted Auditing Standards), GAGAS (Generally Accepted Government Auditing Standards) and International Standards for the Professional Practice of Internal Auditing (Standards) as enunciated by the IIA.

This book helps auditors understand the reality of performing the internal audit role and the importance of properly managing ethical standards. It provides many examples of ethical conflicts and proposes alternative actions for the internal auditor. Internal auditors are well-schooled on the IIA Standards, but the reality is that the pressure placed on internal auditors related to execution of work and upholding ethical standards can be very difficult. Regardless of best practice or theory, auditors must be personally prepared to manage through issues they run across.

Mastering the Five Tiers of Audit Competency is an anthology of powerful risk-based auditing practices. Filled with practical do and don¿t techniques, it encompasses the interpersonal aspects of risk-based auditing, not just the technical content. This book focuses on the behaviors you need to demonstrate and the habitual actions you need to take at each phase in an audit to manage relationships as well as the work itself. The book leverages The Whole Person Project, Inc.¿s 30 years¿ experience in hands-on organizational development consulting and custom designing internal audit training programs.

This book focuses on the importance of software quality and security. It defines various types of testing, recognizes factors that propose value to software quality, and provides theoretical and real-world scenarios that offer value and contribute quality to projects and applications. The practical synopsis on common testing tools helps readers who are in testing jobs or those interested in pursuing careers as testers. It also helps test leaders, test managers, and others who are involved in planning, estimating, executing, and maintaining software.

A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) presents a comprehensive discussion of the NICE framework, the National Institute of Standards and Technology (NIST), and the Department of Homeland Security (DHS). It discusses in detail the relationship between the NICE framework and the NIST¿s cybersecurity framework (CSF), showing how the NICE model specifies what the particular specialty area of the workforce should be doing in order to ensure that the CSF¿s identification, protection, defense, response, or recovery functions are being carried out properly.

An information security operations involves monitoring, assessing, and defending enterprise information systems. For organizations without a formalized incident-handling capability, the creation from scratch of a security operations center that enables centralized visibility, alerting and investigation can be a daunting task. But fortunately organizations don¿t need a room full of security experts and an investment of millions of dollars in security systems to make progress here. This book explains how to develop an effective security operations center (SOC) and provides a roadmap for continuously evolving this capability to keep pace with the tactics of the adversaries.

Most organizations have been caught off-guard with the proliferation of smart devices. The IT organization was comfortable supporting the Blackberry due to its ease of implementation and maintenance. But the use of Android and iOS smart devices have created a maintenance nightmare not only for the IT organization but for the IT auditors as well. This book will serve as a guide to IT and Audit professionals on how to manage, secure and audit smart device. It provides guidance on the handling of corporate devices and the Bring Your Own Devices (BYOD) smart devices.

Risk-based operational audits and performance audits require a broad array of competencies

Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the Blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about Blockchain technology applications for cybersecurity and privacy.

Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the Blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about Blockchain technology applications for cybersecurity and privacy.

This book presents the fundamental concepts of information and communication technology (ICT) governance and control. Readers learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations.

The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.

This book explores a broad cross section of research and actual case studies to draw out new insights that may be used to build a benchmark for IT security professionals. This research takes a deeper dive beneath the surface of the analysis to uncover novel ways to mitigate data security vulnerabilities, connect the dots and identify patterns in the data on breaches. This analysis will assist security professionals not only in benchmarking their risk management programs but also in identifying forward looking security measures to narrow the path of future vulnerabilities.

Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may come from mischief makers and pranksters, they are more likely to result from hackers working in concert for profit, hackers working under the protection of nation states, or malicious insiders. Securing an IT Organization through Governance, Risk Management, and Audit introduces two internationally recognized bodies of knowledge: Control Objectives for Information and Related Technology (COBIT 5) from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book provides details of a cybersecurity framework (CSF), mapping each of the CSF steps and activities to the methods defined in COBIT 5. This method leverages operational risk understanding in a business context, allowing the information and communications technology (ICT) organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models. The real value of this methodology is to reduce the knowledge fog that frequently engulfs senior business management, and results in the false conclusion that overseeing security controls for information systems is not a leadership role or responsibility but a technical management task. By carefully reading, implementing, and practicing the techniques and methodologies outlined in this book, you can successfully implement a plan that increases security and lowers risk for you and your organization.

This book consists of 100 topics, concepts, tips, tools and techniques that relate to how internal auditors interact with internal constitutencies and addresses a variety of technical and non-technical subjects.

There are many webinars and training courses on Data Analytics for Internal Auditors, but no handbook written from the practitionerΓÇÖs viewpoint covering not only the need and the theory, but a practical hands-on approach to conducting Data Analytics. The spread of IT systems makes it necessary that auditors as well as management have the ability to examine high volumes of data and transactions to determine patterns and trends. The increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools. This book takes an auditor from a zero base to an ability to professionally analyze corporate data seeking anomalies.

This book presents a standard methodology approach to cyber-resilience. Readers will learn how to design a cyber-resilient architecture for a given organization as well as how to maintain a state of cyber-resilience in its day-to-day operation.