Information Technology Control and Audit, Third Edition
- 16h 43m
- Frederick Gallegos, Sandra Senft
- CRC Press
- 2009
Now in its third edition, this book is an excellent introductory reference to IT governance, controls, and auditing. It covers a wide range of topics in the field. It reviews pertinent legislation, discusses the future of auditing in the 21st century, and examines governance, strategy and standards, and acquisition and implementation. In a section on delivery and support, it explores service management, service continuity, systems management, and operations management. Finally, the authors review advanced topics such as virtual environment, virtual security, e-commerce, and enterprise resource planning. This new edition also includes guidelines for preparing for the CISA exam, along with numerous illustrations, graphs, and charts to help readers visualize the concepts.
About the Authors
Frederick Gallegos, MBA, CGFM, has expertise in IT Audit Education, IS Auditing, Security, and Control of Information Systems; Legal Environment of Information Systems; Local Area and Wide Area Network Security and Controls; Computer Ethics, Management Information Systems, Executive Support Systems, Internet as an Audit Resource. He has more than 35 years of teaching and practical experience in the field, published four books, and authored and coauthored more than 200 articles in the aforementioned subjects. He received his BS and MS from the California State Polytechnic University, Pomona, California. He is a Certified Government Financial Manager (CGFM) and has a California Community College Instructor Credential. He taught for the Computer Information Systems Department, College of Business at California State Polytechnic University, Pomona, California, from 1976 to 1996 (part-time) and full-time from 1996 to 2006. After 30 years of teaching, he retired in September 2006 and received the lecturer emeritus status from the university in May 2007. In February 2008, he received the Computer Information Systems (CIS) Lifetime Achievement Award from the CIS Department at Cal Poly, Pomona, California. He continues to maintain contact with his past undergraduate and graduate students and alumni of the CIS Department’s Information Assurance programs from the California State Polytechnic University, Pomona, California.
Before teaching full-time at Cal Poly (1996–2006), Gallegos worked for GAO—Los Angeles Regional Office (1972–1996) and advanced within GAO to serve as manager, Management and Evaluator Support Group. He managed staff involved in Office Automation, Computer Audit Support, Computer Audit, Training, Human Resource Planning and Staffing, Technical Information Retrieval and Security/Facilities Management. He retired from GAO in 1996 with 26 years of federal and military service. He is a recipient of several service awards from GAO, EDP Audit, Control, and Security Newsletter (EDPACS), and ISACA that recognized his past contributions to the field and his efforts in the establishment of formal university courses at his alma mater in IS Auditing, Control and Security at the undergraduate level in 1979 with the implementation of Association to Advance Collegiate Schools of Business (AACSB) accredited graduate-level Master of Science in Business Administration Degree program in IS Auditing since 1980. (The AACSB was founded in 1916 to accredit schools of business worldwide.) Gallegos has spoken widely on topics related to the IS Audit, Control, and Security field. He served in a number of assignments and positions with the ISACA in the past.
Gallegos is also a member of the Association of Government Accountants.
Sandra Senft, MSBA-IS Audit, CISA, CIA, is an executive with more than 25 years of combined experience in auditing, financial management, insurance, and IS. Recently, she held the global role of chief financial officer for Group IT within Zurich Financial Services in Zurich, Switzerland. During her career in IT, her responsibilities included controlling, process improvement, project management, quality management, service management, sourcing, and vendor management.
Senft’s extensive understanding of the IT and financial disciplines was further developed as an IS auditor from 1993 to 1999, specializing in auditing systems development projects as well as general control audits of mainframe and distributed systems, information security, disaster recovery, and quality assurance. She was also responsible for defining and developing the audit risk methodology, audit methodology, documenting processes, and training audit staff. She was the lead in defining requirements and selecting the technology to automate the audit workflow.
A faculty member of California State Polytechnic University, Pomona, California, from 1997 to 2000, she taught undergraduate and graduate courses in IT and IS auditing. She has also presented IS auditing topics at seminars, conferences, and CISA review courses specializing in systems development auditing. She has authored and coauthored several articles on IT controls and audit for Auerbach Publications.
Senft graduated from California State Polytechnic University, Pomona, California, with a Master of Science in business administration option in IS auditing and a Bachelor of Science in accounting. She is a Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), and Competent Toastmaster (CTM). She served as president, treasurer, director of research and academic relations, and spring conference chair for the Los Angeles Chapter of ISACA.
In this Book
- Information Technology Environment—Why Are Controls and Audit Important?
- The Legal Environment and Its Impact on Information Technology
- Audit and Review—Its Role in Information Technology
- The Audit Process in an Information Technology Environment
- Auditing Information Technology Using Computer-Assisted Audit Tools and Techniques
- Managing IT Audit
- IT Auditing in the New Millennium
- IT Governance
- Strategy and Standards
- Risk Management
- Process and Quality Management
- Financial Management
- IT Project Management
- Software Development and Implementation
- IT Sourcing
- Application Controls and Maintenance
- Change Management
- Service Management
- Service Desk and Problem Management
- Security and Service Continuity
- System Management
- Operations Management
- Virtual Environment
- Virtual Security
- E-Commerce
- Enterprise Resource Planning