Book Review: IT Audit and Application Controls for Small and Mid-sized Enterprises

IT Audit
Author: Jason Woods, William Brown, Harry Howe | Reviewed by A. Krista Kivisild, CISA, CA, CPA
Date Published: 31 August 2015

Former US President John F. Kennedy said, “The Chinese use two brush strokes to write the word ‘crisis.’ One brush stroke stands for danger; the other for opportunity. In a crisis, be aware of the danger, but recognize the opportunity.” Businesses recognize that they need to take advantage of opportunities to keep growing. Although risk is unavoidable, some risk is too great a danger when compared to its associated opportunity, especially for small and midsized enterprises (SMEs) that need to take a more pragmatic approach to ensure they stay afloat in today’s business environment. The risk associated with the IT environment and applications is particularly difficult to communicate to the business, as many of the related concepts are not well understood by those outside of the technology realm. How can security professionals evaluate the magnitude of risk and communicate it appropriately to businesses so that they can factor this into their decision making?

IT Audit and Application Controls for Small and Mid-sized Enterprises: Revenue, Expenditure, Inventory, Payroll, and More offers a practical approach to identify the risk associated with the SME IT environment and the likely applications and controls deployed in an SME. The book is written to help financial statement auditors understand this risk, which can also help IT auditors understand the appropriate language to use to communicate risk to the business so that it is understood.

The book is thorough and covers specific operational and financial statement risk to different cycles (e.g., revenue, expenditure, inventory, payroll) to help explain cycle risk, controls and the related application-level controls. It also covers the IT audit and controls that emerged from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Public Company Accounting Oversight Board (PCAOB), overlaying COSO with COBIT. This is critical for those auditing IT or adhering to the US Sarbanes-Oxley Act of 2002 (SOX) to understand and be able to use. There is a section to discuss, evaluate and present IT audit deficiencies in language and terms that will facilitate a more useful discussion with management and financial statement auditors.

The book addresses spreadsheet and desktop tools, their risk and top exposures. Any auditor who has been working to ensure their company complies with SOX or similar legislation in other jurisdictions will have a significant interest in helping management understand risk and ensure the protection and reliability of sensitive spreadsheet information. The book concludes with a section to discuss key reports, report writing tools, and the related risk and exposures.

This book provides a practical approach to understanding the basics of IT audit and application controls. By using business language, it helps to bridge the communication gap between IT and management. This book is recommended to any professional new to IT audit, and it can also be used as a reference book that covers the key basics required for SOX legislation compliance for anyone who is involved in conducting, reviewing or evaluating IT audit work. Only once enterprises understand risk and controls can they begin to evaluate opportunities and help businesses make better decisions.

Reviewed by A. Krista Kivisild, CISA, CA, CPA, who has had a diverse career in audit while working in government, private companies and public organizations. Kivisild has experience in IT audit, governance, compliance/regulatory auditing, value-for-money auditing and operational auditing. She has served as a volunteer instructor, training not-for-profit boards on board governance concepts; has worked with the Alberta (Canada) Government Board Development Program; and has served as the membership director and CISA director for the ISACA Winnipeg (Manitoba, Canada) Chapter.