Information Technology Control and Audit, 4/e (Hardcover)

Sandra Senft, Frederick Gallegos, Aleksandra Davis



The new edition of a bestseller, Information Technology Control and Audit, Fourth Edition provides a comprehensive and up-to-date overview of IT governance, controls, auditing applications, systems development, and operations. Aligned to and supporting the Control Objectives for Information and Related Technology (COBIT), it examines emerging trends and defines recent advances in technology that impact IT controls and audits—including cloud computing, web-based applications, and server virtualization.

Filled with exercises, review questions, section summaries, and references for further reading, this updated and revised edition promotes the mastery of the concepts and practical implementation of controls needed to manage information technology resources effectively well into the future. Illustrating the complete IT audit process, the text:

  • Considers the legal environment and its impact on the IT field—including IT crime issues and protection against fraud
  • Explains how to determine risk management objectives
  • Covers IT project management and describes the auditor’s role in the process
  • Examines advanced topics such as virtual infrastructure security, enterprise resource planning, web application risks and controls, and cloud and mobile computing security
  • Includes review questions, multiple-choice questions with answers, exercises, and resources for further reading in each chapter

This resource-rich text includes appendices with IT audit cases, professional standards, sample audit programs, bibliography of selected publications for IT auditors, and a glossary. It also considers IT auditor career development and planning and explains how to establish a career development plan. Mapping the requirements for information systems auditor certification, this text is an ideal resource for those preparing for the Certified Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT) exams.

Instructor's guide and PowerPoint® slides available upon qualified course adoption.