libib

Auditing, Risk, and Controls


A
1 Available

Auditing IT Infrastructures For Compliance (Information Systems Security and Assurance)

Martin Weiss, Michael G. Solomon

2010    384 Pages    (Jones & Bartlett Learning)

Information systems and IT infrastructures are no longer void from governance and compliance given recent U.S.-based compliancy laws that were consummated during the early to mid-2000s. As a result of these laws, both public sector and private sector verticals must have proper security controls in place. Auditing IT Infrastructures for Compliance identifies and explains what each of these compliancy laws requires. It then goes on to discuss how to audit an IT infrastructure for compliance based on the laws and the need to protect and secure business and consumer privacy data. It closes with a resource for readers who desire more information on becoming skilled at IT auditing and IT compliance auditing.

auditing, IT
1 Available

Auditing That Matters

Norman Marks

2016    266 Pages    (CreateSpace Independent Publishing Platform)

Auditing That Matters provides practical advice from an experienced chief audit executive (CAE) who is considered one of the most influential global thought leaders in the internal audit profession. It's about:

* Providing the assurance, advice, and insight that the leaders of the organization need
* Focusing on the risks and issues that matter to the executive management team and the board
* Practicing enterprise risk-based auditing
* Communicating effectively to management and the board what they need to know, when they need to know, in a useful and actionable form
* Building the team and processes to deliver world-class internal audit services

Internal auditing can matter to the leaders of the organization by providing information they need to make decisions with confidence in management's ability to manage risks and execute on strategy. The book has been acclaimed by prominent leaders in the profession from around the world. This is a timely book for internal auditors who want to accelerate their careers.

auditing
E
1 Available

Enterprise Risk Management: From Incentives to Controls

James Lam

2003    336 Pages    (Wiley)

Enterprise risk management is a complex yet critical issue that all companies must deal with as they head into the twenty-first century. It empowers you to balance risks with rewards as well as people with processes. But to master the numerous aspects of enterprise risk management, you must first realize that this approach is not only driven by sound theory but also by sound practice. No one knows this better than risk management expert James Lam. In Enterprise Risk Management: From Incentives to Controls, Lam distills twenty years' worth of experience in this field to give you a clear understanding of both the art and science of enterprise risk management.

Organized into four comprehensive sections, Enterprise Risk Management offers in-depth insights, practical advice, and real world case studies that explore every aspect of this important field.

Section I: Risk Management in Context lays a solid foundation for understanding the role of enterprise risk management in today’s business environment.

Section II: The Enterprise Risk Management Framework offers an executive education on the business rationale for integrating risk management processes.

Section III: Risk Management Applications discusses the applications of risk management in two dimensions: functions and industries.

Section IV: A Look to the Future rounds out this comprehensive discussion of enterprise risk management by examining emerging topics in risk management with respect to people and technology.

risk, riskmanagement
1 Available

Executive's Guide to COSO Internal Controls: Understanding and Implementing the New Framework

Robert R. Moeller

2013    304 Pages    (Wiley)

Executive's Guide to COSO Internal Controls provides a step-by-step plan for installing and implementing effective internal controls with an emphasis on building improved IT as well as other internal controls and integrating better risk management processes. The COSO internal controls framework forms the basis for establishing Sarbanes-Oxley compliance and internal controls specialist Robert Moeller looks at topics including the importance of effective systems on internal controls in today's enterprises, the new COSO framework for effective enterprise internal controls, and what has changed since the 1990s internal controls framework.

* Written by Robert Moeller, an authority in internal controls and IT governance
* Practical, no-nonsense coverage of all three dimensions of the new COSO framework
* Helps you change systems and processes when implementing the new COSO internal controls framework
* Includes information on how ISO internal control and risk management standards as well as COBIT can be used with COSO internal controls
* Other titles by Robert Moeller: IT Audit, Control, and Security, Executives Guide to IT Governance

Under the Sarbanes-Oxley Act, every corporation has to assert that their internal controls are adequate and public accounting firms certifying those internal controls are attesting to the adequacy of those same internal controls, based on the COSO internal controls framework. Executive's Guide to COSO Internal Controls thoroughly considers improved risk management processes as part of the new COSO framework; the importance of IT systems and processes; and risk management techniques.

controls
F
1 Available

Failure of Risk Management: Why It's Broken and How to Fix It, The

Douglas W. Hubbard

2009    304 Pages    (Wiley)

An essential guide to the calibrated risk analysis approach

The Failure of Risk Management takes a close look at misused and misapplied basic analysis methods and shows how some of the most popular "risk management" methods are no better than astrology! Using examples from the 2008 credit crisis, natural disasters, outsourcing to China, engineering disasters, and more, Hubbard reveals critical flaws in risk management methods–and shows how all of these problems can be fixed. The solutions involve combinations of scientifically proven and frequently used methods from nuclear power, exploratory oil, and other areas of business and government. Finally, Hubbard explains how new forms of collaboration across all industries and government can improve risk management in every field.

risk, riskmanagement
1 Available

Fundamentals of Information Risk Management Auditing

Christopher Wright, IT Governance Publishing Staff (Editor)

2016    172 Pages    (IT Governance Ltd)

Protect your organisation from information security risks

For any modern business to thrive, it must assess, control and audit the risks it faces in a manner appropriate to its risk appetite. As information-based risks and threats continue to proliferate, it is essential that they are addressed as an integral component of your enterprise's risk management strategy, not in isolation. They must be identified, documented, assessed and managed, and assigned to risk owners so that they can be mitigated and audited. Fundamentals of Information Risk Management Auditing provides insight and guidance on this practice for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists.

Product overview

Fundamentals of Information Risk Management Auditing - An Introduction for Managers and Auditors has four main parts:

* What is risk and why is it important? An introduction to general risk management and information risk.
* Introduction to general IS and management risks: An overview of general information security controls, and controls over the operation and management of information security, plus risks and controls for the confidentiality, integrity and availability of information.
* Introduction to application controls: An introduction to application controls, the controls built into systems to ensure that they process data accurately and completely.
* Life as an information risk management specialist/auditor: A guide for those considering, or undergoing, a career in information risk management.

Each chapter contains an overview of the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. Chapter summaries provide an overview of the salient points for easy reference, and case studies illustrate how those points are relevant to businesses.

The book concludes with an examination of the skills and qualifications necessary for an information risk management auditor, an overview of typical job responsibilities, and an examination of the professional and ethical standards that an information risk auditor should adhere to.

Topics covered

Fundamentals of Information Risk Management Auditing covers, among other subjects, the three lines of defence; change management; service management; disaster planning; frameworks and approaches, including Agile, COBIT® 5, CRAMM, PRINCE2®, ITIL® and PMBOK; international standards, including ISO 31000, ISO 27001, ISO 22301 and ISO 38500; the UK Government's Cyber Essentials scheme; IT security controls; and application controls.

auditing, IT, risk, riskmanagement
I
1 Available

Information Technology Auditing

James A. Hall

2015    672 Pages    (South-Western College Pub)

Gain a thorough understanding of how modern audits are conducted in today's computer-driven business environment with INFORMATION TECHNOLOGY AUDITING, 4E. You gain valuable insights into state-of-the-art auditing issues as this leading accounting text provides you with the background you need to succeed in today's business world. This edition focuses on the latest information technology aspects of auditing with up-to-date coverage of auditor responsibilities, emerging legislation, and today's fraud techniques and detection. Expanded end-of-chapter questions, problems, and cases give you important hands-on practice for success in your future career.

auditing, IT
1 Available

Introduction to Risk Management and Insurance

Mark S Dorfman

2012    504 Pages    (PH)

Focusing on problem-solving, this book emphasizes the business aspects of risk management as well as consumer applications of risk management and insurance. KEY TOPICS: With an analysis of many current problems facing the insurance industry, this book is both relevant and immediate. The sixth edition of "Introduction to Risk Management and Insurance" has been revised to include coverage of International Risk Management (and a new case study); Employment Practices Liability (with case studies on sexual harassment and the ...

risk, riskmanagement
1 Available

IT Auditing Using Controls to Protect Information Assets, 2nd Edition

Chris Davis, Mike Schiller, Kevin Wheeler

2011    512 Pages    (McGraw-Hill Osborne Media)

Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.

* Build and maintain an internal IT audit function with maximum effectiveness and value
* Audit entity-level controls, data centers, and disaster recovery
* Examine switches, routers, and firewalls
* Evaluate Windows, UNIX, and Linux operating systems
* Audit Web servers and applications
* Analyze databases and storage solutions
* Assess WLAN and mobile devices
* Audit virtualized environments
* Evaluate risks associated with cloud computing and outsourced operations
* Drill down into applications to find potential control weaknesses
* Use standards and frameworks, such as COBIT, ITIL, and ISO
* Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI
* Implement proven risk management practices

auditing, controls, IT
1 Available

IT Risk Management Complete Self-Assessment Guide

Gerardus Blokdyk

2017    112 Pages    (CreateSpace Independent Publishing Platform)

Meeting the challenge: are missed IT Risk Management opportunities costing us money? How does the organization define, manage, and improve its IT Risk Management processes? Who is the IT Risk Management process owner? What are the compelling business reasons for embarking on IT Risk Management? Think about the kind of project structure that would be appropriate for your IT Risk Management project. Should it be formal and complex, or can it be less formal and relatively simple?

Defining, designing, creating, and implementing a process to solve a business challenge or meet a business objective is the most valuable role... In EVERY company, organization and department. Unless you are talking about a one-time, single-use project within a business, there should be a process. Whether that process is managed and implemented by humans, AI, or a combination of the two, it needs to be designed by someone with a complex enough perspective to ask the right questions. Someone capable of asking the right questions, stepping back and saying, 'What are we really trying to accomplish here? And is there a different way to look at it?'

For more than twenty years, The Art of Service's Self-Assessments have empowered people who can do just that - whether their title is marketer, entrepreneur, manager, salesperson, consultant, business process manager, executive assistant, IT Manager, CxO etc... - they are the people who rule the future. They are people who watch the process as it happens, and ask the right questions to make the process work better.

This book is for managers, advisors, consultants, specialists, professionals and anyone interested in IT Risk Management assessment. Featuring 608 new and updated case-based questions, organized into seven core areas of process design, this Self-Assessment will help you identify areas in which IT Risk Management improvements can be made.

In using the questions you will be better able to:

- diagnose IT Risk Management projects, initiatives, organizations, businesses and processes using accepted diagnostic standards and practices
- implement evidence-based best practice strategies aligned with overall goals
- integrate recent advances in IT Risk Management and process design strategies into practice according to best practice guidelines

Using a Self-Assessment tool known as the IT Risk Management Scorecard, you will develop a clear picture of which IT Risk Management areas need attention. Included with your purchase of the book is the IT Risk Management Self-Assessment downloadable resource, containing all 608 questions and Self-Assessment areas of this book. This helps with ease of (re-)use and enables you to import the questions in your preferred Management or Survey Tool. Access instructions can be found in the book. You are free to use the Self-Assessment contents in your presentations and materials for customers without asking us - we are here to help. This Self-Assessment has been approved by The Art of Service as part of a lifelong learning and Self-Assessment program and as a component of maintenance of certification. Optional other Self-Assessments are available. For more information, visit theartofservice.com

IT, risk, riskmanagement
M
1 Available

Managing Fraud Risk: A Practical Guide for Directors and Managers

2013    352 Pages    (Wiley)

A strategic, practical, cost-effective approach to fraud prevention

In troubled economic times, the risk of fraud and financial crime increases. In our post credit crunch environment, new laws and tougher penalties for financial crime mean that if you are in business, you have a responsibility to help fight fraud. However, to design effective, proportionate fraud controls for your business, you need a complete picture of all the risks. "Managing Fraud Risk" shows you where to look for fraud, setting out a route-map for finding and fighting fraud risks in your business, with the practical, strategic advice you need. Combining the latest theory with forensic risk analysis, this book reveals how you can provide assurance to your Board and stakeholders. Practical examples are used to clearly show cost-effective techniques for preventing and detecting business fraud. An innovative fraud awareness quiz enables you to easily apply the theories and principles.

* Answers questions such as: Who commits more fraud: men or women? How many of your employees are prepared to falsify documents?
* Essential information to ensure your procedures are sufficient to meet compliance with new international legislation increasing the liability of directors and managers in cases of fraud and corruption
* Takes a new perspective from the point of view of business risk, making it unique to other texts that take only an auditing, investigative, or specialist approach

This route-map is essential reading to help you navigate the complex landscape of business fraud.

controls, fraud, risk, riskmanagement
1 Available

Managing the Risks of IT Outsourcing

Ian Tho

2005    224 Pages    (Routledge)

This book shows IT managers how to identify, mitigate and manage risks in an IT outsourcing exercise. The book explores current trends and highlights key issues and changes that are taking place within outsourcing. Attention is given to identifying the drivers and related risks of outsourcing by examining recently published and existing concepts of IT outsourcing. Founded on academic theory and empirical and quantitative information, this book:

* Incorporates the complete risk identification and mitigation life cycle
* Highlights the concept of core competency
* Looks at motivating factors and working relationships of the buyer and supplier
* Provides background to understand the risks as a result of human factors as defined by the agency theory
* Reviews the areas of risk that influence the decision to outsource the IT function
* Examines the forces that determine the equilibrium in the risk profiles for the buyer and supplier

IT, riskmanagement
P
1 Available

Principles of Risk Management and Insurance (12th Edition) (Pearson Series in Finance)

George E. Rejda, Michael McNamara

2013    720 Pages    (Prentice Hall)

Intended primarily for undergraduate courses in Risk Management and Insurance, this text also provides practical content to current and aspiring industry professionals. Principles of Risk Management and Insurance is the market-leading text, focusing primarily on the consumers of insurance, and blending basic risk management and insurance principles with consumer considerations. The twelfth edition provides an in-depth treatment of major risk management and insurance topics. Coverage includes a discussion of basic concepts of risk and insurance, introductory and advanced topics in risk management, functional and financial operations of insurers, legal principles, life and health insurance, property and liability insurance, employee benefits, and social insurance. In addition, the new Affordable Care Act is discussed in depth.

insurance, risk, riskmanagement
R
1 Available

Risk Management for IT Projects

Bennet Lientz, Lee Larssen

2011    352 Pages    (Routledge)

The rate of failure of IT projects has remained little changed in survey after survey over the past 15-20 years—over 40-50%. This has happened in spite of new technology, innovative methods and tools, and different management methods. Why does this happen? Why can’t the situation be better? One reason is that many think of each IT effort as unique. In reality many IT projects are very similar at a high, strategic level. Where they differ is in the people and exact events—the detail. If you read the literature or have been in information systems or IT for some time, you have seen the same reasons for failure and the same problems and issues recur again and again. In this book IT Management experts Ben Lientz and Lee Larssen show you how to identify and track the recurring issues leading to failure in IT projects and provide a proven, modern method for addressing them. By following the recommendations in this book, readers can significantly reduce the risk of IT failures and increase the rate of success.

Benefits of using this approach:

• Issues are identified earlier—giving more time for solution and action.
• Issues are resolved more consistently since the approach tracks on their repetition.
• You get an early warning of problems in IT work—before the budget or schedule fall apart.
• Management tends to have more realistic expectations with an awareness of issues.
• Users and managers have greater confidence in IT due to the improved handling of issues.
• Since the number of issues tends to stabilize in an organization, the IT organization and management get better at detecting, preventing, and dealing with issues over time—cumulative improvement.
• Giving attention to issues makes users more realistic in their requests and acts to deter requirement changes and scope creep.

IT, projects, risk, riskmanagement
T
1 Available

Trusted Advisors: Key Attributes of Outstanding Internal Auditors

Richard F. Chambers, President and CEO of The IIA

2017    160 Pages    (Internal Audit Foundation)

Misappropriations in the business world in recent years have threatened the public's trust and management's trust in those at the helm to act ethically and with integrity. Yet, it's become an opportunity for internal audit professionals to sharpen their skills and become trusted advisors within their organizations, providing assurance and sound advice to the board and audit committee. In Trusted Advisors: Key Attributes of Outstanding Internal Auditors, Richard Chambers shares top attributes needed to excel as an internal audit professional and be viewed as the go-to person within the entity. Surveying nearly 300 chief audit executives (CAEs) globally and interviewing some individually, Richard gathered data confirming his personal viewpoint of what it takes to become successful internal auditors. Whether your career is just launching or you're a veteran in your field, the guidance gleaned from the collective experience of these experts will propel you into the next phase of your profession.

auditing