Normal view MARC view ISBD view

Fundamentals of information risk management auditing : an introduction for managers and auditors / Christopher Wright.

By: Wright, Christopher (Accountant) [author.].
Material type: TextTextSeries: JSTOR eBooks.Fundamentals of educational planning: Publisher: Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, 2016Description: 1 online resource (1 volume) : illustrations.Content type: text Media type: computer Carrier type: online resourceISBN: 9781849288163; 184928816X.Subject(s): Risk management | Risk management -- AuditingAdditional physical formats: Print version:: No titleDDC classification: 658.155 Online resources: Click here to view this ebook.
Contents:
Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO
The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways
Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples
Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview
Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary
Tags from this library: No tags from this library for this title. Log in to add tags.
Item type Current location Call number URL Status Date due Barcode
Electronic Book UT Tyler Online
Online
HD61 (Browse shelf) https://ezproxy.uttyler.edu/login?url=http://www.jstor.org/stable/10.2307/j.ctt1bj4t5n Available ocn949908718

Description based on online resource; title from title page (Safari, viewed May 18, 2016).

Includes bibliographical references.

Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO

The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways

Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples

Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview

Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary

There are no comments for this item.

Log in to your account to post a comment.