IT CONTROLS BOOK

jkitcontrols

Nov 13, 2010, 1:42:29 AM
to Orissa_IT
PLEASE SEE MY NEW BOOK ON IT CONTROLS. THANK YOU.

=====NEW BOOK ANNOUNCEMENT==========

The 'IT STRATEGIC AND OPERATIONAL CONTROLS' Book
by John Kyriazoglou is now available as noted next:

PRINTED VERSION: www.itgovernance.co.uk/products/3066
E-BOOK FORMAT VERSION: www.itgovernance.co.uk/products/3067
ADDENDUM TO THE BOOK (Customisable IT Audit Programmes and Checklists,
WORD FORMAT): www.itgovernance.co.uk/products/3143

These can be purchased from www.itgovernance.co.uk, and other major
world distributors (e.g. AMAZON, HOLBORN (U.K.), TSO BOOKSHOP (U.K.),
etc.).

Author: John Kyriazoglou
Publisher: IT Governance Publishing
ISBN: 9781849280617
Pages: 686
Format: Softcover
Published date: 2 September 2010

SUMMARY DESCRIPTION

Vital information on how to systematically implement IT strategic and
operational controls to support and enhance your organisation!

Nowadays, integrated information systems can significantly magnify the
accrued benefits of a given project and greatly strengthen an
organisation, but such benefits are balanced by a serious risk. If IT
systems are not used in a disciplined manner they can create havoc and
they frequently bring about unexpected results and catastrophe, as
shown by the rise in security incidents and computer-based crimes.

Master IT controls concepts and issues. Written with practicality and
convenience in mind, this book is an ideal tool for those without
specialised technical expertise seeking to understand IT controls and
their design, implementation, monitoring, review and audit issues.

Minimise risk and maximise benefits. This book provides a
comprehensive guide to implementing an integrated and flexible set of
IT controls in a systematic way. It can help organisations to
formulate a complete culture for all areas which must be supervised
and controlled; allowing them to simultaneously ensure a secure, high
standard whilst striving to obtain the strategic and operational goals
of the company.

Benefits to business include:
(1) Understand and control the associated risks of IT systems. This
book contains practical advice and illustrates solutions to the
tremendously complicated problems of designing, implementing and
auditing new and existing systems, making use of practical and easily
customisable examples.
(2) Increase management’s aptitude to achieve operational goals. With
well-controlled, integrated and robust IT systems, you can gain a
comparative advantage in a
competitive environment, whilst ensuring that information is relevant,
accurate and timely.
(3) Ensure high standards within your IT systems. For each covered
aspect of control, this book provides audit programmes and checklists
to help management and auditors
carry out reviews and audits. As an additional aid, there is an
appendix comprising guidelines and examples of ‘how to enhance’ IT
security, IT policies and ethical code.
Auditors will find reference to a large number of very relevant tools
for use in auditing and reviewing IT operations.

Making use of a clear and pragmatic presentation, this book provides a
thorough description of all elements of IT controls in a systematic
and detailed way,
allowing managers, IT professionals, practitioners and auditors to
customise examples to their own specific purpose. It is a
comprehensive tool for anyone who
wishes to cement their understanding of IT controls and, most
importantly, for those who aim to realise the full capacity of
information systems, whilst rigorously controlling the concomitant
risks.

Buy this book (and its Customisable IT audit programmes and checklists
separate volume, Addendum to IT Strategic and Operational Controls in
Word format) today and discover how to control the risk of dependency
on information systems, whilst raking in its associated benefits!

BOOK SYNOPSIS

This book is about Information Technology (IT) Strategic and
Operational Controls. IT controls enable and support all management
levels of the organization (top, middle, and lower) to accomplish the
IT strategic and operational goals of the organization. The book
covers all the IT areas and is structured in ten chapters and a set of
appendices, as noted below:

Chapter 1: IT Organization Controls

This chapter describes the main IT Organization Controls, such as: IT
Department Functional Description Controls, IT Organizational
Controls, IT Vision, Mission and Values, Monitoring and Review
Controls, IT Control Frameworks, and IT Organization Performance
Measures. Also examples of (a) IT terms of reference, (b) the contents
of four IT control frameworks (COBIT, ITIL, ISO/IEC 38500, and The
Calder-Moir IT Governance Framework), and (c) IT organization
performance measures, are presented.
In addition to these a set of audit programs and checklists are
described, such as: IT Terms of Reference Checklist, IT Organizational
Assessment Audit Program, IT Functional Assessment Audit Program, etc.

Chapter 2: IT Administration Controls

This chapter describes the main IT Administration Controls, such as:
IT Standards, Policies and Procedures, IT Budget, IT Asset Controls,
IT Personnel Management Controls, IT Purchasing Controls, IT
Management Reporting, and IT Administration Performance Measures. Also
examples of (a) an IT budget, (b) IT personnel job descriptions of a
Chief Information Officer, Business Systems Analyst, Application
Systems Analyst, etc., and (c) IT administration performance measures,
are presented. In addition to these the following audit programs and
checklists are described: IT Personnel Management Controls Audit
Program, IT Procedures Audit Program, Standards Checklist and
Segregation of Duties Checklist.

Chapter 3: Enterprise Architecture Controls

This chapter describes the main Enterprise Architecture Controls, such
as: Enterprise Architecture Frameworks, Enterprise or Operating Model
of the Organization, Business Process Narratives, Enterprise
Architecture Repository, etc., and Enterprise Architecture Performance
Measures. Also examples of (a) strategies, general goals, and
objectives, (b) mission, vision, and values statements, and (c) a
corporate ethics policy are presented.
In addition to these a set of audit checklists are described, such as:
Enterprise Architecture Framework Checklist, Corporate Vision,
Mission, and Values Statements Checklist, and Corporate Strategic Plan
Checklist.

Chapter 4: IT Strategic Controls

This chapter describes the main IT Strategic Controls, such as: IT
Strategic Process Controls, IT Strategy Implementation and Monitoring
Controls, and IT Strategic Performance Management Controls. Also
examples of (a) an IT Strategy Analysis Methodology, (b) an IT
Strategy Implementation Action Plan, (c) the contents of an IT
strategic plan and an IT Performance Management Policy, and (d) an IT
Balanced Scorecard and IT strategic performance measures, are
presented. In addition to these the following audit programs and
checklists are described: IT Strategic Planning Checklist, IT BSC
Implementation Checklist, IT Strategic Controls Implementation
Checklist, IT Performance Assessment Audit Program, and CIO Business
Plan Assessment Audit Program.

Chapter 5: System Development Controls

This chapter describes the main IT System Development Controls, such
as: Application Development Controls, IT Systems Testing Methodology,
End User Application Development Controls, Audit Trails, Software
Package Controls, and System Development Quality Controls. Also
examples of (a) methodologies for systems development, (b) the
contents of a feasibility study, a systems analysis and design
document, an application documentation set, an audit trail, an IT
acceptance procedure and an IT application test plan, (c) the contents
of test forms, (d) the contents of the documents of a software package
purchase process, and (e) system development performance measures, are
presented. In addition to these the following audit programs and
checklists are described: IT Data Management Controls Checklist,
Documentation Checklist, System Development Strategy Checklist, System
Development and Maintenance Checklist, End User Application
Development Checklist, Software Requirements Specification Checklist,
and Software Feasibility Approval Checklist.

Chapter 6: IT Security Controls

This chapter describes the main IT Security Controls, such as: IT
Security Guidelines and Standards, IT Security Policies and Plans,
Computer Operations Controls, Personnel Security Management Controls,
End User Security Administration Controls, Social Engineering
Controls, Password Controls, IT Technical Protection Controls, Other
Management Controls, Security Organizational Controls, and IT Security
Performance Measures. Also examples of (a) the contents of an IT
security management plan, (b) the contents of a systems development
security plan, and a site security handbook, (c) the contents of a
physical and environmental security program, and (d) IT security
performance measures, are presented. In addition to these the
following audit program and checklists are described: IT Security
Audit Program, IT Security Policy Checklist, and Logical Security
Controls Checklist.

Chapter 7: Data Center Operational and Support Controls

This chapter describes the main Data Center Operational and Support
Controls, such as: Data Centre Controls, IT Contingency Planning and
Disaster Recovery Controls, Hardware Controls, and Personal Computers
Controls. Also examples of (a) an IT contingency planning methodology,
(b) a personal computers use policy and safe operations procedure, (c)
the contents of a vital records package and an IT disaster recovery
plan, (d) a set of forms to manage various IT issues, and (e) IT
operational performance measures, are presented. In addition to these
the following audit checklists are described: Physical Security
Checklist, Environmental Issues Checklist, Production Environment
Issues Checklist, Data Centre Management Checklist, Backup and
Recovery Checklist, IT Disaster Recovery Checklist, and Personal
Computers Checklist.

Chapter 8: Systems Software Controls

This chapter describes the main Systems Software Controls, such as:
Systems Operating Environment Controls, Data Base Controls, Data
Communications Controls, Audit Trail Controls, and Operating System,
Data Base and Data Communications software Change Management Controls.
Also examples of (a) the software suppliers maintenance procedure, (b)
the system software management process, (c) the contents of a data
communications management plan, and an audit trail record, (d) a set
of forms to manage the changes to system software, and (e) IT
technical performance measures, are presented. In addition to these
the following audit programs and checklists are described: Systems
Software Management Audit Program, System Software Acquisition
Checklist, Systems Software Operation Checklist, Data Management
Checklist, Data Base and Data Communications Checklist, Data Base
Management System Checklist, Data Networking Audit Program, and Data
Communications Checklist.

Chapter 9: Computerized Application Controls

This chapter describes the main Computerized Application Controls,
such as: Input Controls, Processing Controls, Output Controls,
Database Controls, Change Controls, and Testing Controls. Also
examples of (a) a test methodology, (b) a test plan and an application
audit trail record, (c) an organizational structure for application
software testing, (d) a set of forms to manage the application
software development and testing process, and (e) computerized
application performance measures, are presented.
In addition to these the following audit programs are described:
Computerized Application Controls Audit Program, Computerized
Application Quality Audit Program, Post Implementation Review Audit
Program, Web Applications Checklist, and Monitoring IT Application
Controls Checklist.

Chapter 10: Using IT Controls in Audit and Consulting Assignments

This chapter contains three case studies and one IT audit assignment
to improve the understanding of the IT controls contained in chapters 1
to 9 and the appendix of this book. These are: Retail Operation: IT
Strategy Case Study, Trading Company: Applications Controls Case
Study, Public Organization: IT Security Case Study, and IT Audit
Assignment for Organization ‘ABCXYZ’.

APPENDICES

The appendices contain: Examples of IT Security Policies, an example
of an IT Ethics Code, a Monitoring IT Controls Checklist, several
examples of IT Forms, an IT Audit Methodology, a list of IT Audit
Areas, an Internal Audit Report example, and a list of Governance and
Control Frameworks.

ADDENDUM to IT STRATEGIC AND OPERATIONAL CONTROLS
This separate volume contains Customisable IT audit programmes and
checklists in Word format.

ABOUT THE AUTHOR

John Kyriazoglou is an international management consultant with over
35 years’ on-the-job practical experience with both private and public
sector organisations. He was educated in Canada and the U.S. (B.A.
Honours, and M.S.), is a CICA (Certified Internal Controls Auditor),
has published over 20 articles in professional publications, has
served on numerous scientific committees, is a member of ISACA, the
Institute for Internal Controls, Inc. (USA), and other professional
and cultural associations, and provides courses in IT Auditing,
Security and Electronic Crime Prevention.
