Information Technology Control and Audit, 4/e (Hardcover)

Sandra Senft, Frederick Gallegos, Aleksandra Davis



The new edition of a bestseller, Information Technology Control and Audit, Fourth Edition provides a comprehensive and up-to-date overview of IT governance, controls, auditing applications, systems development, and operations. Aligned to and supporting the Control Objectives for Information and Related Technology (COBIT), it examines emerging trends and defines recent advances in technology that impact IT controls and audits—including cloud computing, web-based applications, and server virtualization.

Filled with exercises, review questions, section summaries, and references for further reading, this updated and revised edition promotes the mastery of the concepts and practical implementation of controls needed to manage information technology resources effectively well into the future. Illustrating the complete IT audit process, the text:

  • Considers the legal environment and its impact on the IT field—including IT crime issues and protection against fraud
  • Explains how to determine risk management objectives
  • Covers IT project management and describes the auditor’s role in the process
  • Examines advanced topics such as virtual infrastructure security, enterprise resource planning, web application risks and controls, and cloud and mobile computing security
  • Includes review questions, multiple-choice questions with answers, exercises, and resources for further reading in each chapter

This resource-rich text includes appendices with IT audit cases, professional standards, sample audit programs, a bibliography of selected publications for IT auditors, and a glossary. It also considers IT auditor career development and planning and explains how to establish a career development plan. Mapping the requirements for information systems auditor certification, this text is an ideal resource for those preparing for the Certified Information Systems Auditor (CISA) and Certified in the Governance of Enterprise IT (CGEIT) exams.

Instructor's guide and PowerPoint® slides available upon qualified course adoption.



