IT Auditing: Information Security Governance

  About the Author 

Robert E. Davis

Robert E. Davis, MBA, CISA, CICA

Robert E. Davis is an independent management audit consultant (currently associated with Robert Half Management Resources) and a Boson Software, Inc. author and instructor, as well as Pleier Corporation author.  His IT audit specializations include Control Objectives for Information and related Technology, Sarbanes-Oxley Act, and the Foreign Corrupt Practices Act.  Regarding information security and privacy, Robert is available to provide International Organization for Standardization-27000, Gramm-Leach-Bliley Act, and Basel II consulting.  His primary computer technology research interests are databases, operating systems, and distributed information systems processing. 

Recently, he has applied his expertise in assisting organizations in fulfilling U.S. Sarbanes-Oxley and Federal Information Security Management Act requirements as well as training professionals internationally.  

Since starting his career as an IT auditor, Robert has provided data security consulting and IT auditing services (from staff through senior management positions) to the United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company, Fidelity/First Fidelity (Wachovia) Corporations, and other organizations.

Some of his professional IT software and hardware experience includes MVS, UNIX, Windows, Oracle, Clarity, the International Money Management System, PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.  

Prior to engaging in the practice of IT auditing and information security consulting, Robert provided inventory and general accounting services to Philip Morris USA and general accounting services to Philadelphia National Bank (Wachovia).

Robert graduated from Temple University and West Chester University of Pennsylvania with a Bachelor of Business Administration and Master of Business Administration degree, respectively.  While attending Temple University, his major areas of study were Business Law and Accounting.  He successfully completed the requirements for a Management Information Systems subject major at West Chester University.  

Robert obtained the Certified Information Systems Auditor (CISA) certificate, after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.  

During his twenty-year professional involvement in education, Robert acquired postgraduate and professional technical licenses in computer science and computer systems technology.  

Robert has authored "Did IT Auditing Forget the Foreign Corrupt Practice Act" and "How Does Management Support Deploying IT Governance?" articles for IT AUDIT magazine and IT Governance, LTD; respectively.

Robert is a former ISACA-Philadelphia Chapter Board of Directors member and College Relations Chairman.  Robert has provided instruction to an Internet CISA study group, the Data Processing Management Association, and the ISACA-Philadelphia Chapter CISA Review Course.

Robert is a member of The Institute of Internal Auditors, ISACA, the American Association of University Professors, and The Institute for Internal Controls.  He is also a college computer science and mathematics instructor, having previously taught at Cheyney University and Bryant & Stratton College.  

For those preparing for the CISA or Certified Information Security Manager (CISM) examination, Robert has authored knowledge diagnostic tests that are also available at

Based on his accomplishments, Robert has been featured in Temple University's Fox School of Business Alumni Newsletter and The Institute for Internal Controls e-Newsletter.  Furthermore, he is a lifetime member of the Madison Who's Who Registry of Executives and Professionals.

Robert has authored 6 other indispensable resources available from Pleier Corporation "IT Auditing: The Process", "IT Auditing: An Adaptive Process", "IT Auditing: IT Governance", "IT Auditing: Information Assets Protection"
"IT Auditing: Irregular and Illegal Acts" and "IT Auditing: IT Service Delivery and Support".  These publications are also especially valuable references to prepare for related sections of the ISACA Certified Information Systems Auditors examination. 

Additional references and information is available at
Have CISA - Will Travel.

Cd and computer image  

IT Auditing: Information Security Governance

Robert is sharing his experience by providing tools to prepare auditors to perform IT audits of Information Security Governance in an extremely cost-effective manner.

Business organizations, governmental organizations, colleges, and universities can benefit from his knowledge and expertise concerning IT auditing.

This self-paced PowerPoint presentation with accompanying material is organized to provide initial training of IT auditors and audit managers.  The “Administrator’s Guide” provides tools for group and individual self-paced training. 

This course provides a detailed examination of IT audit and review procedures for information security governance.  Participants who complete this course will be adequately prepared to perform competent information security governance assessments including:

1.    Develop, implement, and/or incorporate an "Information Security Governance" risk-based audit and review procedures strategy and objectives in compliance with ISACA’s standards to ensure that the organization's information technology and business processes are adequately controlled, monitored, and assessed, and are aligned with the organization's business and IT objectives.

2.    Incorporate governance into IT audits and reviews to ensure that the IT audit/review strategy and objectives are achieved.

3.    Obtain sufficient, reliable, relevant, and useful evidence to achieve the Information Security Governance audit/review procedures objectives.

4.    Analyze governance information gathered to identify reportable conditions and reach conclusions.

5.    Review management’s information security governance risk assessment to provide reasonable assurance that control objectives have been achieved.

6.    Communicate information security governance audit/review results to key stakeholders.

7.    Facilitate the implementation of information security governance risk management and control practices within the organization.

Utilizing the enclosed PowerPoint slides, in conjunction with the “Participant’s Guide,” can ensure adequate understanding of IT audits and reviews related to
Information Security Governance risks.  Furthermore, participant attentiveness to the material and completion of the twelve exercises in the Guide can enhance auditor professionalism in corresponding job responsibilities.

Auditors and Audit Departments that purchase this electronic publication on CD can duplicate the enclosed Administrator’s and Participant’s Guides royalty free for training of individual auditors and security professionals in that department and for in-house group training.

Organizations including schools that purchase this electronic publication on CD can duplicate the enclosed
Administrator’s and Participant’s Guides and use that material to conduct public and classroom training by paying a royalty fee of $20 by check or online for each copy of the workbook produced on paper or file to:

Pleier Corporation
Attn: IT Auditing: Information Security Governance
P.O. Box 3900
Mission Viejo CA 92690-1900
United States of America

When making payment please include with payment or a separate email the place and date that the training was held.

Your feedback, concerning this product, should be sent to

Cd and computer image 

IT Auditing: Information Security Governance contains 402 PowerPoint slides with slide notes offering a practical method for performing IT audits and reviews addressing potential IT Auditing: Information Security Governance risks.  Furthermore, the PowerPoint slides content allows presentation and participation in either a group or individual self-paced training format.

This “IT Auditing: Information Security Governance” course can be offered in a 3 day period as outlined in the PowerPoint slides, in any timeframe to meet an organization's needs, or in a self-paced mode for individuals.

To view each of the 3 PowerPoint presentations click the blue link for that module such as the one that follows.  Click View Slide Show if necessary.  Click the left mouse button each time you are ready to advance to the next item or to check an answer throughout this presentation.  To continue a presentation at a specific slide while viewing slideshow right click the mouse, select Go To Slide, and select a specific slide number.

“IT Auditing: Information Security Governance Presentation – module 1"

Module 1 sets the framework for learning about IT Auditing: Information Security Governance as well as offering suggestions to use this CD in a self-study or group training mode addressing specifically:

Introductions (if a group)
Appropriate IT Auditor Training
An 18-question Diagnostic Test with answers
IT Audit Training Agenda
Suggested Training Schedule
IT Audit Methodology
8 Types of IT Audits
Overview of Information Security Governance
Information Security Governance Program Management
Information Security Governance Organizational Practices
Information Security Strategic Alignment Requirements
COBIT and ISO 27000 Frameworks

“IT Auditing: Information Security Governance Presentation – module 2"

Module 2 continues the learning about IT Auditing: Information Security Governance addressing specifically:

Information Security Value Delivery Significance
Business Risk Management Principles
Information Technology Risk Management Principles
Information Security Risk Management Principles
Control Selection Interaction Model
Information Security Resource Criticality
Information Security Performance Measurement
Information Security Performance Monitoring
IT Audit and Review Planning Issues
IT Audit and Review Management
Auditable Units Bidirectional Linkages

“IT Auditing: Information Security Governance Presentation – module 3"

Module 3 continues the learning about IT Auditing: Information Security Governance addressing specifically:
Audit and Review Risk Assessment
Internal Control Assessment
Management Information Systems
Mission Statements
Documentation Availability
IT Tools and Techniques
Key Auditable Units
Risk-Control Methodology
Fiduciary Requirements
Performance Management
Evaluating Outsourced Activities

Cd and computer image
Administrator's Guide

"IT Auditing: Information Security Governance Administrator's Guide"

The 84-page "Administrator's Guide" provides the administrator / seminar leader with an excellent guide to offer quality training correlated to the "IT Auditing: Information Security Governance" PowerPoint presentation and provides answers for course participant exercises. Beneficially, the "Administrator's Guide" documents researched answers, with additional reference sources available on the Internet.

In a self-study mode the participant should use the "Participant's Guide" and then check the accuracy of an answer with the "Administrator's Guide". 

To access the Administrator's Guide click the blue link above. 

CD and computer image

Participant's Guide

“IT Auditing: Information Security Governance Participant's Guide"

The 40-page "Participant's Guide" encourages active learning about Information Security Governance associated with IT audits and reviews. This workbook allows application of presented material and demonstration of the IT audit methodology, using various formats. Additionally, practice variety also is incorporated through group or individual exercise assignments.

The "Participant's Guide" contains a glossary of terms that participant might want to reference throughout the PowerPoint presentation.

To access the Participant's Guide click the blue link above. 

Other Resources

If you like the quality of this CD-ROM publication check for additional resources.

Current Publications - Click the link to preview:

Print Order Form - PDF

Print Order Form - Word Document

Order Online

Thank you for purchasing a copy of the "IT Auditing: Information Security Governance".

Please tell others about these resources.

Thank you.

Joseph R Pleier


Pleier Corporation