IT Auditing: Information Security Governance

Robert E. Davis, MBA, CISA, CICA

Robert E. Davis is an independent management audit consultant (currently associated with Robert Half Management Resources) and a Boson Software, Inc. author and instructor, as well as Pleier Corporation author.  His IT audit specializations include Control Objectives for Information and related Technology, Sarbanes-Oxley Act, and the Foreign Corrupt Practices Act.  Regarding information security and privacy, Robert is available to provide International Organization for Standardization-27000, Gramm-Leach-Bliley Act, and Basel II consulting.  His primary computer technology research interests are databases, operating systems, and distributed information systems processing. 

Recently, he has applied his expertise in assisting organizations in fulfilling U.S. Sarbanes-Oxley and Federal Information Security Management Act requirements as well as training professionals internationally.  

Since starting his career as an IT auditor, Robert has provided data security consulting and IT auditing services (from staff through senior management positions) to the United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company, Fidelity/First Fidelity (Wachovia) Corporations, and other organizations.

Some of his professional IT software and hardware experience includes MVS, UNIX, Windows, Oracle, Clarity, the International Money Management System, PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.  

Prior to engaging in the practice of IT auditing and information security consulting, Robert provided inventory and general accounting services to Philip Morris USA and general accounting services to Philadelphia National Bank (Wachovia).

Robert graduated from Temple University and West Chester University of Pennsylvania with a Bachelor of Business Administration and Master of Business Administration degree, respectively.  While attending Temple University, his major areas of study were Business Law and Accounting.  He successfully completed the requirements for a Management Information Systems subject major at West Chester University.  

Robert obtained the Certified Information Systems Auditor (CISA) certificate, after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.  

During his twenty-year professional involvement in education, Robert acquired postgraduate and professional technical licenses in computer science and computer systems technology.  

Robert has authored "Did IT Auditing Forget the Foreign Corrupt Practice Act" and "How Does Management Support Deploying IT Governance?" articles for IT AUDIT magazine and IT Governance, LTD; respectively.

Robert is a former ISACA-Philadelphia Chapter Board of Directors member and College Relations Chairman.  Robert has provided instruction to an Internet CISA study group, the Data Processing Management Association, and the ISACA-Philadelphia Chapter CISA Review Course.
 
Robert is a member of The Institute of Internal Auditors, ISACA, the American Association of University Professors, and The Institute for Internal Controls.  He is also a college computer science and mathematics instructor, having previously taught at Cheyney University and Bryant & Stratton College.  

For those preparing for the CISA or Certified Information Security Manager (CISM) examination, Robert has authored knowledge diagnostic tests that are also available at http://www.boson.com/Product/64.html.

Based on his accomplishments, Robert has been featured in Temple University's Fox School of Business Alumni Newsletter and The Institute for Internal Controls e-Newsletter.  Furthermore, he is a lifetime member of the Madison Who's Who Registry of Executives and Professionals.

Robert has authored 6 other indispensable resources available from Pleier Corporation "IT Auditing: The Process", "IT Auditing: An Adaptive Process", "IT Auditing: IT Governance", "IT Auditing: Information Assets Protection" "IT Auditing: Irregular and Illegal Acts" and "IT Auditing: IT Service Delivery and Support".  These publications are also especially valuable references to prepare for related sections of the ISACA Certified Information Systems Auditors examination. 

Additional references and information is available at Have CISA - Will Travel.



Robert is sharing his experience by providing tools to prepare auditors to perform IT audits of Information Security Governance in an extremely cost-effective manner.

Business organizations, governmental organizations, colleges, and universities can benefit from his knowledge and expertise concerning IT auditing.

This self-paced PowerPoint presentation with accompanying material is organized to provide initial training of IT auditors and audit managers.  The “Administrator’s Guide” provides tools for group and individual self-paced training. 

This course provides a detailed examination of IT audit and review procedures for information security governance.  Participants who complete this course will be adequately prepared to perform competent information security governance assessments including:

1.    Develop, implement, and/or incorporate an "Information Security Governance" risk-based audit and review procedures strategy and objectives in compliance with ISACA’s standards to ensure that the organization's information technology and business processes are adequately controlled, monitored, and assessed, and are aligned with the organization's business and IT objectives.

2.    Incorporate governance into IT audits and reviews to ensure that the IT audit/review strategy and objectives are achieved.

3.    Obtain sufficient, reliable, relevant, and useful evidence to achieve the Information Security Governance audit/review procedures objectives.

4.    Analyze governance information gathered to identify reportable conditions and reach conclusions.

5.    Review management’s information security governance risk assessment to provide reasonable assurance that control objectives have been achieved.

6.    Communicate information security governance audit/review results to key stakeholders.

7.    Facilitate the implementation of information security governance risk management and control practices within the organization.

Utilizing the enclosed PowerPoint slides, in conjunction with the “Participant’s Guide,” can ensure adequate understanding of IT audits and reviews related to Information Security Governance risks.  Furthermore, participant attentiveness to the material and completion of the twelve exercises in the Guide can enhance auditor professionalism in corresponding job responsibilities.

Auditors and Audit Departments that purchase this electronic publication on CD can duplicate the enclosed Administrator’s and Participant’s Guides royalty free for training of individual auditors and security professionals in that department and for in-house group training.

Organizations including schools that purchase this electronic publication on CD can duplicate the enclosed Administrator’s and Participant’s Guides and use that material to conduct public and classroom training by paying a royalty fee of $20 by check or online for each copy of the workbook produced on paper or file to:


When making payment please include with payment or a separate email the place and date that the training was held.

Your feedback, concerning this product, should be sent to pleier@pleier.com.


IT Auditing: Information Security Governance contains 402 PowerPoint slides with slide notes offering a practical method for performing IT audits and reviews addressing potential IT Auditing: Information Security Governance risks.  Furthermore, the PowerPoint slides content allows presentation and participation in either a group or individual self-paced training format.

This “IT Auditing: Information Security Governance” course can be offered in a 3 day period as outlined in the PowerPoint slides, in any timeframe to meet an organization's needs, or in a self-paced mode for individuals.

To view each of the 3 PowerPoint presentations click the blue link for that module such as the one that follows.  Click View Slide Show if necessary.  Click the left mouse button each time you are ready to advance to the next item or to check an answer throughout this presentation.  To continue a presentation at a specific slide while viewing slideshow right click the mouse, select Go To Slide, and select a specific slide number.

“IT Auditing: Information Security Governance Presentation – module 1"

Module 1 sets the framework for learning about IT Auditing: Information Security Governance as well as offering suggestions to use this CD in a self-study or group training mode addressing specifically:
“IT Auditing: Information Security Governance Presentation – module 2"
Module 2 continues the learning about IT Auditing: Information Security Governance addressing specifically:

“IT Auditing: Information Security Governance Presentation – module 3"

Module 3 continues the learning about IT Auditing: Information Security Governance addressing specifically:

"IT Auditing: Information Security Governance Administrator's Guide"

The 84-page "Administrator's Guide" provides the administrator / seminar leader with an excellent guide to offer quality training correlated to the "IT Auditing: Information Security Governance" PowerPoint presentation and provides answers for course participant exercises. Beneficially, the "Administrator's Guide" documents researched answers, with additional reference sources available on the Internet.

In a self-study mode the participant should use the "Participant's Guide" and then check the accuracy of an answer with the "Administrator's Guide". 

To access the Administrator's Guide click the blue link above. 

“IT Auditing: Information Security Governance Participant's Guide"

The 40-page "Participant's Guide" encourages active learning about Information Security Governance associated with IT audits and reviews. This workbook allows application of presented material and demonstration of the IT audit methodology, using various formats. Additionally, practice variety also is incorporated through group or individual exercise assignments.

The "Participant's Guide" contains a glossary of terms that participant might want to reference throughout the PowerPoint presentation.

To access the Participant's Guide click the blue link above. 

If you like the quality of this CD-ROM publication check http://www.pleier.com for additional resources.

Current Publications - Click the link to preview:

• 21st Century Audit Management “Opportunities and Challenges“ by a number of contributing authors

• A Practitioner's Guide to Corruption Auditing by Muhammad Akram Khan

• A Practitioners Guide to Performance Auditing by Muhammad Akram Khan

• Achieving Auditor Excellence by David McNamee

• Auditing Fraud - Complete Publications, Threat Scenarios, Purchasing & Contracts Fraud by David McNamee

• Auditing IT Infrastructures by Alan Oliphant

• Auditing Purchasing and Contracts by David McNamee

• Control Self Assessment by David McNamee

• Exceeding Expectations by John D. Tongren

• Internal Auditing: Basics & Best Practices by David McNamee

• IT Auditing: An Adaptive Process by Robert E. Davis

• IT Auditing: Information Assets Protection by Robert E. Davis
  

• IT Auditing: Irregular and Illegal Acts by Robert E. Davis

• IT Auditing: IT Outsourcing - Balancing Risk vs. Reward by Michael Lapelosa

• IT Auditing: IT Service Delivery and Support by Robert E. Davis

• IT Auditing: The Basics by Michael Lapelosa

• IT Auditing: The Process by Robert E. Davis
  

• Internal Auditor Toolkit by Michael Lapelosa

• McKeever CCSA Study System by John J. McKeever

• Modern Integrated Audit Approach by Michael Lapelosa

• Operational Auditing: Adding Value to Organizations by John D. Tongren
  

• Risk Management - Best Practice, Case Studies, and Related Material by a number of contributing authors

• Risk Management and Risk Assessment by David McNamee

• Transitioning from Internal Audit to Internal Assurance
  

Print Order Form - PDF

Print Order Form - Word Document

Order Online

Thank you for purchasing a copy of the "IT Auditing: Information Security Governance".