The Basics of IT Audit

1st Edition

Purposes, Processes, and Practical Information

Authors: Stephen Gantz
Paperback ISBN: 9780124171596
eBook ISBN: 9780124171763
Imprint: Syngress
Published Date: 22nd November 2013
Page Count: 270
32.95 + applicable tax
25.99 + applicable tax
39.95 + applicable tax
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


The Basics of IT Audit: Purposes, Processes, and Practical Information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000, series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPPA.

IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements.

This guide provides you with all the necessary information if you're preparing for an IT audit, participating in an IT audit or responding to an IT audit.

Key Features

  • Provides a concise treatment of IT auditing, allowing you to prepare for, participate in, and respond to the results
  • Discusses the pros and cons of doing internal and external IT audits, including the benefits and potential drawbacks of each
  • Covers the basics of complex regulations and standards, such as Sarbanes-Oxley, SEC (public companies), HIPAA, and FFIEC
  • Includes most methods and frameworks, including GAAS, COSO, COBIT, ITIL, ISO (27000), and FISCAM


IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security, etc.

Table of Contents



About the Author

About the Technical Editor




Information in this chapter

Introduction to IT auditing

Purpose and rationale

Structure and content

Chapter 1. IT Audit Fundamentals

Information in this chapter

What is IT auditing?

Why audit?

Who gets audited?

Who does IT auditing?

Relevant source material



Chapter 2. Auditing in Context

Information in this chapter:

IT governance

Risk management

Compliance and certification

Quality management and quality assurance

Information security management

Relevant source material



Chapter 3. Internal Auditing

Information in this chapter:

Internal audit as an organizational capability

Benefits of internal IT auditing

Internal audit challenges

Internal auditors

Relevant source material



Chapter 4. External Auditing

Information in this chapter:

Operational aspects of external audits

External IT audit drivers and rationale

External audit benefits

External audit challenges

External auditors

Relevant source material



Chapter 5. Types of Audits

Information in this chapter:

Financial audits

Operational audits

Certification audits

Compliance audits

IT-specific audits

Relevant source material



Chapter 6. IT Audit Components

Information in this chapter

Establishing the scope of IT audits

Types of controls

Auditing different IT assets

Auditing procedural controls or processes



No. of pages:
© Syngress 2014
eBook ISBN:
Paperback ISBN:

About the Author

Stephen Gantz

Stephen Gantz (CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO) is an information security and IT consultant with over 20 years of experience in security and privacy management, enterprise architecture, systems development and integration, and strategic planning. He currently holds an executive position with a health information technology services firm primarily serving federal and state government customers. He is also an Associate Professor of Information Assurance in the Graduate School at University of Maryland University College. He maintains a security-focused website and blog at Steve’s security and privacy expertise spans program management, security architecture, policy development and enforcement, risk assessment, and regulatory compliance with major legislation such as FISMA, HIPAA, and the Privacy Act. His industry experience includes health, financial services, higher education, consumer products, and manufacturing, but since 2000 his work has focused on security and other information resources management functions in federal government agencies. His prior work history includes completing projects for government clients including the Departments of Defense, Labor, and Health and Human Services, Office of Management and Budget, Federal Deposit Insurance Corporation, U.S. Postal Service, and U.S. Senate. Steve holds a master’s degree in public policy from the Kennedy School of Government at Harvard University, and also earned his bachelor’s degree from Harvard. He is nearing completion of the Doctor of Management program at UMUC, where his dissertation focuses on trust and distrust in networks and inter-organizational relationships. Steve currently resides in Arlington, Virginia with his wife Reneé and children Henry, Claire, and Gillian.

Affiliations and Expertise

CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, Founder and Principal Architect of


"...a good primer for anyone just getting started in IT Audit or students pursuing a degree in IT Assurance...also does a great job demystifying the audit process and is recommended for anyone in IT who may be involved in their company's audit process." ,September 9 2014