The Operational Auditing Handbook - Auditing Business & I.T. Processes
by Andrew Chambers and Graham Rand
(2nd ed., Wiley, March 2010, ISBN 0470744766, about 1,200 large format pages)
The first edition appeared in 1997 and, with reprints, has remained in demand and in print until replaced by this second edition in March 2010. This second edition is very considerably expanded. Purchasers of the book can access a web-based resource of standard audit programme guides. Chapters in the book, excluding the extensive appendices, are:
PART I UNDERSTANDING OPERATIONAL AUDITING
1 Approaches to operational auditing
2 Business processes
3 Developing operational review programmes for managerial and audit use
4 Governance processes
5 Risk management processes
6 Internal control processes
7 Review of the control environment
8 Reviewing internal control over financial reporting – the Sarbanes-Oxley approach
9 Business/management techniques and their impact on control and audit
10 Control self assessment
11 Evaluating the internal audit activity

PART II AUDITING KEY FUNCTIONS
12 Auditing the finance and accounting functions
13 Auditing subsidiaries and remote operating units
14 Auditing contracts and the purchasing function
15 Auditing operations and resource management
16 Auditing marketing and sales
17 Auditing distribution
18 Auditing human resources
19 Auditing research and development
20 Auditing security
21 Auditing environmental responsibility

PART III AUDITING INFORMATION TECHNOLOGY
22 Auditing information technology
23 IT Strategic Planning
24 IT Organisation
25 IT Policy Framework
26 Information Asset Register*
27 Capacity Management
28 Information Management (IM)*
29 Records Management (RM)*
30 Knowledge Management (KM)*
31 IT sites and Infrastructure (including physical security)
32 Processing Operations
33 Back-up and Media Management
34 Removable media
35 System and Operating Software (including patch management)
36 System Access Control (or logical security)
37 Personal Computers (including laptops and PDAs)
38 Remote Working
39
40 Internet Usage
41 Software Maintenance (including change management)
42 Networks
43 Databases
44 Data Protection
45 Freedom of Information
45 Data Transfer and Sharing (Standards and Protocol Guidelines)
47 Legal Responsibilities
48 Facilities Management
49 System Development
50 Software Selection
51 Contingency Planning
52 Human Resources information security
53 Monitoring and Logging
54 Information Security incidents
55 Data Retention and Disposal
56 Electronic Data Interchange (EDI) and the use of secure networks
57 Viruses
58 User Support
59 BACS (i.e. automated cash/funds transfer)
60 Spreadsheet design and good practice
61 IT Health Checks
62 IT Accounting



provides high quality consultancy and training services to boards, audit committees and auditors to improve corporate governance and audit
Management-Audit.com