AUDITING
Featuring CISA® Exam Prep
ISACA BOOKSTORE
isaca.org/bookstore
CISA® Exam Prep Materials
BESTSELLING PRODUCT
ISACA® (isaca.org) helps global professionals lead, adapt
and assure trust in an evolving digital world by offering
innovative and world-class knowledge, standards,
networking, credentialing and career development.
Established in 1969, ISACA is a global nonprofit association
of 140,000 professionals in 180 countries. ISACA also
offers the Cybersecurity Nexus™ (CSX), a holistic
cybersecurity resource, and COBIT®, a business framework
to govern enterprise technology.
CISA® Review Questions, Answers &
Explanations Database—12-Month Subscription
CISA® Review Questions, Answers &
Explanations Database—6-Month Extension
The CISA® Review Questions, Answers & Explanations
Database is a comprehensive 1,000-question pool of
items that combines the questions from the CISA® Review
Questions, Answers & Explanations Manual, 11th Edition.
The database has been revised according to the recently
updated 2016 CISA Job Practice.
The CISA® Questions, Answers & Explanations Database—
6-Month Extension should be purchased only as an
extension to the CISA® Practice Question Database—
12-Month Subscription. The database is available via the
web, allowing CISA candidates to log in at home, at work
or anywhere they have Internet connectivity.
This database is Mac and Windows compatible.
After purchase, you can access this course by visiting
your MyISACA page and clicking CISA Question Database
Button.
Exam candidates can take sample exams with randomly
selected questions and view the results by job practice
domain, allowing for concentrated study in particular areas.
Additionally, questions generated during a study session
are sorted based on previous scoring history, allowing
CISA candidates to identify their strengths and weaknesses
and focus their study efforts accordingly.
2016 CISA Review Questions, Answers & Explanations Database
Member: US $45.00
Non-member: US $65.00
Product Code: XMXCA15-EXT180
Other features provide the ability to select sample exams
by specific job practice domain, view questions that were
previously answered incorrectly and vary the length of
study sessions, giving candidates the ability to customize
their study approach to fit their needs.
2016 CISA Review Questions, Answers & Explanations Database
Member: US $185.00
Non-member: US $225.00
Product Code: XMXCA15-12M
The CISA® Review Questions, Answers &
Explanations Database is also available on
CD-Rom in Spanish.
Contact the ISACA Bookstore
E-mail: [email protected]
Tel: +1.847.660.5650
Fax: +1.847.253.1443
Order online at isaca.org/bookstore
CISA® Review Questions, Answers &
Explanations Manual, 11th Edition
CISA® Review Manual, 26th Edition
The CISA® Review Manual, 26th Edition is a comprehensive
reference guide designed to help individuals prepare for the
CISA exam and understand the roles and responsibilities
of an information systems (IS) auditor. The manual has
been revised according to the 2016 CISA Job Practice and
represents the most current, comprehensive, peer-reviewed
IS audit, assurance, security and control resource available.
Designed to familiarize candidates with the question types
and topics featured in the CISA exam, the CISA® Review
Questions, Answers & Explanations Manual, 11th Edition
consists of 1,000 multiple-choice study questions that
have previously appeared in the CISA® Review Questions,
Answers & Explanations Manual 2015 and the CISA®
Review Questions, Answers & Explanations Manual 2015
Supplement. The manual has been updated according to
the newly revised 2016 Job Practice.
The 26th edition is organized to assist candidates in
understanding essential concepts and studying the following
job practice areas: The Process of Auditing Information
Systems; Governance and Management of IT; Information
Systems Acquisition, Development and Implementation;
Information Systems Operations, Maintenance and Service
Management; Protection of Information Assets
Many questions have been revised or completely rewritten
to be more representative of the CISA exam question
format and/or to provide further clarity or explanation of
the correct answer. These questions are not actual exam
items but are intended to provide CISA candidates with an
understanding of the type and structure of questions and
content that have previously appeared on the exam. This
publication is ideal to use in conjunction with the:
The CISA® Review Manual, 26th Edition features an
easy-to-navigate format. Each of the five chapters has been
divided into two sections for focused study. Section one of
each chapter contains:
• CISA® Review Manual, 26th Edition
• Definitions and objectives for the five areas, as well
as the corresponding tasks performed by IS auditors
and knowledge statements (required to plan, manage
and perform IS audits) that are tested on the exam
• CISA® Review Questions, Answers & Explanations
Database – 12 Month Subscription
To assist candidates in maximizing study efforts, questions
are presented in the following two ways:
• A map of the relationship of each task to the knowledge statements
• Sorted by job practice area—Questions, answers and
explanations are sorted by the CISA job practice
areas. This allows the CISA candidate to refer to
questions that focus on a particular area as well as to
evaluate comprehension of the topics covered within
each practice area.
• A reference guide for the knowledge statements,
including the relevant concepts and explanations
• Self-assessment questions and explanations of the
answers
Section two of each chapter consists of reference material
and content that supports the knowledge statements.
The material enhances CISA candidates’ knowledge
and/or understanding when preparing for the CISA
certification exam. In addition, the CISA® Review Manual,
26th Edition includes brief chapter summaries focused
on the main topics and case studies to assist candidates
in understanding current practices. Also included are
definitions of terms most commonly found on the exam.
3701 Algonquin Road | Suite 1010
Rolling Meadows, IL 60008 | USA
P: +1.847.253.1545
F: +1.847.253.1443
E: [email protected]
isaca.org
Review Questions, Answers &
Explanations Manual
Available in: Chinese Simplified, Italian,
Japanese, and Spanish
11th Edition
The manual also serves as an effective desk reference for
IS auditors.
— URMILLA PERSAD, CISA, CISM, CRISC
IT AUDIT MANAGER, FIRST CITIZENS TRINIDAD & TOBAGO
PORT OF SPAIN, TRINIDAD & TOBAGO
ISACA MEMBER SINCE 2004
Becoming ISACA-certified doesn’t just say you’re well read or well
connected. It announces that you have the expertise and insight
to speak with authority. The credibility that it adds lets you create
value for your enterprise. Your ISACA certifications are more than
just credentials, they are platforms that can elevate your career.
• References to specific content in section two for each
knowledge statement
• Scrambled as a sample 150-question exam—150 of
the 1,000 questions included in the manual are
selected to represent a full-length CISA exam, with
questions chosen in the same percentages as the
current CISA job practice areas. Candidates are urged
to use this sample test to simulate an actual exam and
to determine their strengths and weaknesses in order
to identify areas that require further study. Answer
sheets and an answer/reference key for the sample
exam are also included. All sample test questions have
been cross-referenced to the questions sorted by
practice area, making it convenient for the user to refer
back to the explanations of the correct answers.
Member: US $100.00
Non-member: US $130.00
Product Code: QAE11ED
“ISACA CERTIFICATIONS
SHOW YOU’RE
QUALIFIED.
EMPLOYERS CAN
INSTANTLY SEE
YOU AS AN ASSET.”
Member: US $105.00
Non-member: US $135.00
Product Code: CRM26ED
Available in: Chinese Simplified, French, Italian,
Japanese, and Spanish
CERTIFICATION EXAMS ARE HELD IN JUNE / SEPTEMBER / DECEMBER.
To learn more or register for an upcoming exam go to: www.isaca.org/certifications
Audit Resources
Auditing Cloud Computing: A Security and Privacy Guide
by Ben Halpert
A New Auditor’s Guide to Planning, Performing and Presenting IT Audits
by Nelson Gibbs, Divakar Jain, Amitesh Joshi, Surekha Muddamsetti, Sarabjot Singh
Information Technology Control and Audit, Fourth Edition
by Sandra Senft and Frederick Gallegos
Auditor’s Guide to IT Auditing and Software Demo, Second Edition
by Richard E. Cascarino
The new edition of a bestseller, Information Technology
Control and Audit, Fourth Edition provides a comprehensive
and up-to-date overview of IT governance, controls, auditing
applications, systems development, and operations. Aligned
to, and supporting the Control Objectives for Information
and Related Technology (COBIT), it examines emerging
trends and defines recent advances in technology that
impact IT controls and audits—including cloud computing,
web-based applications, and server virtualization.
Many Auditors are unfamiliar with the techniques they need
to know to efficiently and effectively determine whether
information systems are adequately protected. Now in a
Second Edition, Auditor’s Guide to IT Auditing presents an
easy, practical guide for auditors that can be applied to all
computing environments.
Many organizations are reporting or projecting a significant
cost savings through the use of cloud computing, utilizing
shared computing resources to provide ubiquitous
access for organizations and end users. Just as many
organizations, however, are expressing concern with
security and privacy issues for their organization’s data in
the “cloud.” Auditing Cloud Computing provides necessary
guidance to build a proper audit to ensure operational
integrity and customer data protection, among other
aspects, are addressed for cloud based resources.
Member: US $65.00
Non-member: US $75.00
Product Code: 107ACC
Information technology is a highly dynamic, rapidly
changing environment. IT auditors are expected to stay
current with the latest tools, technologies and trends, and
may need to do additional research to prepare for specific
audits. This book is designed to help aspiring and active
internal auditors take a step back and understand the
general process and activities involved in conducting an
audit around technology.
Member: US $70.00
Non-member: US $80.00
Product Code: 1IIA
Member: US $90.00
Non-member: US $100.00
Product Code: 4CRC4
• Follows the approach used by the Information System Audit and Control Association’s model curriculum, making this book a practical guide for IS auditing
• Serves as an excellent study aid for those preparing
for the CISA and CISM exams
• Includes discussion of risk evaluation methodologies,
new regulations, SOX, privacy, banking, IT
governance, COBIT, outsourcing, network
management and the Cloud.
Member: US $95.00
Non-member: US $105.00
Product Code: 53WAG2
IT Auditing and Application Controls for Small
and Mid-Sized Enterprise: Revenue, Expenditure,
Inventory, Payroll, and More
by Jason Woods, William Brown, Harry Howe
If you’re a financial auditor needing working knowledge
of IT and application controls, IT Auditing and Application
Controls for Small and Mid-Sized Enterprise provides the
information you need. Conceptual overviews of key IT
auditing issues are included, as well as concrete hands-on
tips and techniques. Inside, you’ll find background and
guidance with appropriate reference to material published
by ISACA, AICPA, organized to show the increasing
complexity of systems, starting with general principles and
progressing through greater levels of functionality.
Member: US $70.00
Non-member: US $80.00
Product Code: 111WIT
Securing Cloud and Mobility: A Practitioner’s
Guide
by Ian Lin, E.Coleen Coolidge, Paul Hourani
Although virtualization is a widely accepted technology,
there are few books dedicated to virtualization and security.
Securing Cloud and Mobility: A Practitioner’s Guide fills
this need by explaining how to secure the multifaceted
layers of private and public cloud deployments as well as
mobility infrastructures. With comprehensive coverage that
includes network, server, and endpoint security, it provides
a strategic view of the security implications of virtualization
and cloud computing.
Member: US $80.00
Non-member: US $90.00
Product Code: 58CRC
Security Strategies in Windows Platform and
Applications, Second Edition
by Michael G. Solomon
More than ninety percent of individuals, students,
educators, businesses, organizations, and governments
use Microsoft Windows, which has experienced frequent
attacks against its well-publicized vulnerabilities. Revised
and updated to keep pace with this ever-changing field,
Security Strategies in Windows Platform and Applications,
Second Edition focuses on new risks, threats, and points
of weakness associated with the Microsoft Windows
operating system. Particular emphasis is placed on
Windows XP, Vista, and 7 on the desktop, and Windows
Server 2003 and 2008 versions. This book instructs on
how to use tools and techniques to decrease risks arising
from vulnerabilities in Microsoft Windows operating systems
and applications.
Member: US $102.00
Non-member: US $112.00
Product Code: 3JBSS2
Fraud Auditing and Forensic Accounting, Fourth Edition
by Tommie W. Singleton, Aaron J. Singleton
Auditing and Assurance Services: Understanding the Integrated Audit
by Karen L. Hooks
Interpretation and Application of International Standards on Auditing
by Steven Collings
Security, Audit and Control Features Oracle® Database, 3rd Edition
*Look for the release of the 4th edition in late 2015
With the responsibility of detecting and preventing
fraud falling heavily on the accounting profession, every
accountant needs to recognize fraud and learn the tools
and strategies necessary to catch it in time. Providing
valuable information to those responsible for dealing with
prevention and discovery of financial deception, Fraud
Auditing and Forensic Accounting, Fourth Edition helps
accountants develop an investigative eye toward both
internal and external fraud and how to cope with fraud
when it has occurred.
This publication discusses the auditing profession’s
requirement to focus on the integrated audit in the wake of
the Sarbanes-Oxley Act. It also outlines the impact of the
Public Company Accounting and Oversight Board (PCAOB)
on the auditing of public companies.
In recent years, auditing has undergone significant
changes, due in large part to well-publicized corporate
disasters such as Enron and Parmalat, which have
shaken the profession. In response, many countries have
replaced preexisting domestic standards with International
Standards on Auditing (ISAs) in an attempt to ensure that
auditors throughout the world apply the same level of
work during all audit assignments, and that audit quality
remains consistent on a global basis. Use this book as
a ready resource for navigating the global standards.
Protecting information assets is challenging for every
enterprise, regardless of size and industry, and it has
become an even more complex task for enterprises adopting
distributed computing environments. Security, Audit and
Control Features Oracle Database, 3rd Edition provides
a new perspective of security and controls over Oracle.
This updated edition includes a background and review
of security controls and addresses the risks associated
with protecting information in a distributed computing
environment of various platforms, versions, interfaces
and tools.
Member: US $237.00
Non-member: US $247.00
Product Code: 93WAAS
Member: US $80.00
Non-member: US $90.00
Product Code: 88WFA
Member: US $110.00
Non-member: US $120.00
Product Code: 95WISA
Member: US $40.00
Non-member: US $55.00
Product Code: ODB9
Security, Audit and Control Features Oracle®
E-Business Suite, 3rd Edition
*Look for the release of the 4th edition in late 2015
by ISACA Deloitte Touche Tohmatsu Research Team
IT Audit, Control, and Security
by Robert Moeller
When it comes to computer security, the role of auditors
today has never been more crucial. Auditors must ensure
that all computers, in particular those dealing with
e-business, are secure. As the only source for information
on the combined areas of computer audit, control and
security, the book describes the types of internal controls,
security and integrity procedures that management must
build into its automated systems. This timely book provides
auditors with the guidance they need to ensure that their
systems are secure from both internal and external threats.
Member: US $90.00
Non-member: US $100.00
Product Code: 90WACS
This updated edition of one of ISACA’s most popular guides
reflects the many changes that the business environment
and the Oracle ERP application have undergone since the
second edition was published. In response to customer
needs and an increased market awareness of governance,
risk and compliance (GRC), Oracle Corp. has continued
to boost its GRC offerings and released the updated and
improved Oracle E-Business Suite R12.1 (EBS) in 2009.
This in-demand guide also provides an update on current
industry standards and identifies future trends in Oracle
EBS risk and control. It enables audit, assurance, risk and
security professionals (IT and non-IT) to evaluate risks and
controls in existing ERP implementations, and facilitates the
design and implementation of better practice controls into
system upgrades and enhancements.
Member: US $60.00
Non-member: US $75.00
Product Code: 1SOA3
Controls and Assurance in the Cloud:
Using COBIT® 5
This information can assist enterprises in assessing the
potential value of cloud investments to determine whether
the risk is within the acceptable level. It provides a list of
publications and resources that can help determine if cloud
computing is the appropriate solution for the data and
processes being considered.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: CB5CA
eBook
Free member download
Non-member: US $60.00
Product Code: WCB5CA
Security, Audit and Control Features Oracle
PeopleSoft, 3rd Edition
by ISACA, Deloitte Touche, Tohmatsu Research Team
Between the covers of this book, readers will find the
details needed to confidently plan and execute a detailed
review of risk and controls in a PeopleSoft environment.
A lot has changed in terms of new product features, new
releases and various regulatory compliance requirements
for enterprises since the second edition of this guide
was published in 2005. This third edition aims to ensure
that the audit programs, risk and controls are functional
and relevant with current research for Oracle PeopleSoft
HRMS release 9.1. In addition, chapter 12, New Directions
for PeopleSoft and ERP Audit, discusses the changing
compliance landscape, tools to assist with compliance and
Oracle Fusion, and the pathway for PeopleSoft installations.
COBIT® 5 for Assurance
Building on the COBIT 5 framework, this guide focuses
on assurance and provides more detailed and practical
guidance for assurance professionals and other interested
parties at all levels of the enterprise on how to use COBIT 5
to support a variety of IT assurance activities.
Print
Member: US $35.00
Non-member: US $80.00
Product Code: CB5A
eBook
Free member download
Non-member: US $80.00
Product Code: WCB5A
Member: US $65.00
Non-member: US $80.00
Product Code: ISPS3
“THIS IS THE
INFORMATION AGE.
ISACA KEEPS ME
MORE INFORMED.”
—OPEYEMI ONIFADE, CISA, CISM, CGEIT
PRACTICE LEADER, AFENOID ENTERPRISE, LTD
ABUJA, NIGERIA
ISACA MEMBER SINCE 2010
Connect with a global community of more than 140,000 innovators,
leaders and passionate professionals in IS and IT. Leverage
standards, best practices and expert insights into the rapidly evolving
IT landscape. Be more informed, inspired, skilled and successful
every day of your career.
Pinpoint your next job opportunity
with ISACA’s CareerLaser
ISACA’s CareerLaser newsletter offers monthly updates on the latest jobs, top-of-mind industry news,
events and employment trends to help you navigate a successful career in the information systems industry.
Let CareerLaser become your top resource for quality jobs matched specifically to your talents in audit,
assurance, security, governance, risk management and more.
Subscribe today by visiting www.isaca.org/careerlaser
LIKE BOOKS?
Consider the real value of an ISACA membership.
Over 575 FREE e-Book downloads available
for ISACA members, including:
• IT Control Objectives for Sarbanes-Oxley
Web Download
• Controls & Assurance in the Cloud: Using
COBIT® 5
And hundreds MORE!
Need CPEs? For less than $200 annually*,
membership also offers over 70 FREE CPE
hours each year—Well more than the required
40 annual hours needed to maintain your
certification at an unbeatable price.
*Contingent on regional chapter dues. More than 90% of all
ISACA memberships are under $200.
Visit the ISACA Career Centre at www.isaca.org/careercentre to find additional career tools,
including access to top job candidates.
Networking | Standards | Insights | Member Savings | Free CPEs | COBIT ® 5