Reference Library: Audit and Control
Resources on audit techniques and approaches, audit/auditor descriptions, and future directions in auditing and controls.
Alexander Hamilton Institute (AHI)
AHI publishes newsletters, booklets, and manuals on employment law, including conducting audits on human resources and benefits, targeted to management at small and medium-size firms.
This site consists of information and resources including Auditors Sharing Audit Programs (ASAP) access for downloading.
AuditSoftware.Net is a free online community devoted to helping organizations maximize the benefits of using computer tools during the audit and business intelligence-gathering process.
AuditWatch helps certified public accountant firms and internal audit departments improve efficiency, client service, and quality, as well as providing audit programs and training seminars.
Bank for International Settlements (BIS)
BIS is an international organization that fosters cooperation toward monetary and financial stability and serves as a central bank.
BetaWatch News Online
Temi Grafstein, BetaWatch's founder and senior consultant, developed digital due diligence — data gathering and analysis techniques to audit IT — and provides customized technology audit services.
Canaudit offers technical audits, security reviews, network penetrations, and classes on security, controls, and testing. The Web site provides training schedules, articles, checklists, and tools for download.
Central Indiana ISACA Chapter List Server (CISACA-L)
CISACA-L is frequented by a wide range of IT auditors who share advice freely.
The IT Governance Institute developed Control Objectives for Information and Related Technology (COBIT) as a generally applicable and accepted standard for good IT security and control practices that provides a reference framework for management, users, and auditors.
Continuous Online Auditing
Managed by Rutgers University, the Continuous Online Auditing site maintains a collection of the latest information related to continuous online auditing and assurance.
Control Solutions International
Control Solutions International's services focus on process improvement reviews, technology audits, best practice surveys and reengineering facilitations, benchmarking, risk and control self-assessments, security, and vulnerability.
Corporate Computer Consultants Ltd. (CCCL)
Information security and technology audit consulting is CCCL's core business. The company advises on and reviews general IT and network security controls.
COSO Enterprise Risk Management—Integrated Framework
The Committee of Sponsoring Organizations of the Treadway Commission's Enterprise Risk Management—Integrated Framework describes the essential components, principles, and concepts of ERM.
CPA2Biz is a source of products and services for certified public accountants, through its strategic partnership with the American Institute of Certified Public Accountants (AICPA).
Data Mining: Results and Challenges for Government Program Audits and Investigations
This U.S. Government Accountability Office report details the agency's use of data mining techniques during audits of federal government agencies and provides information on identifying fraud, waste, and abuse. [PDF]
Deloitte provides global accounting, consulting, tax services, and information control and assurance, in more than 100 cities.
Enterprise Risk Management
Enterprise Risk Management provides outsourced internal audit services, security reviews, risk management, system evaluations, application development, SAS 70 reviews, attestation, business continuity, and impact analysis services.
Federation Against Software Theft (FAST)
FAST helps UK and U.S. organizations comply with software licenses and promotes the legal use of software, working on behalf of the software industry.
GAIN provides benchmarking services for subscribers and conducts online surveys related to internal auditing and management. GAIN also provides a network directory to connect participants with each other.
Global Technology Audit Guide — Change and Patch Management Controls: Critical for Organizational Success
The objective of this publication is to educate CAEs, their peers, and their staff about how effective and efficient IT change and patch management contribute to organizational success.
Grant Thornton LLP
Grant Thornton LLP’s services include IT auditing, outsourcing, co-sourcing, transformation, operational audits, quality assurance reviews, and internal controls testing to help companies manage risk.
IIA Quality Assessment Manual
The Quality Assessment Manual, Fifth Edition, provides principal guidance and a set of practical tools to assess conformity to the International Standards for the Professional Practice of Internal Auditing.
Institute of Internal Auditors (IIA)
The IIA is the world leader in internal auditing, governance, internal control, IT audit, education, risk management, and security.
Intergovernmental Audit Forums
Intergovernmental Audit Forums is a U.S.-based association of audit executives from federal, state, and local governments that works to improve coordination and cooperation in intergovernmental auditing.
International Journal of Auditing
International Journal of Auditing is an international forum for academics, professionals, and policy-makers with research interests in new ideas, techniques, and approaches within all aspects of auditing.
ISACA serves the needs of IT governance professionals, develops global standards, administers the Certified Information Systems Auditor (CISA) designation, and publishes the Control Objectives for Information and Related Technology (COBIT).
IsecT Computer Audit FAQ
The IsecT Computer Audit FAQ provides a basic overview of IT auditing for new auditors and others who are unfamiliar with the profession.
IT Governance Institute (ITGI)
Created by ISACA, ITGI provides guidance and technical support to address IT issues at the governance level.
IT Governance Ltd.
IT Governance Ltd. helps companies design and implement cost-effective information security management systems and publishes tools for IT governance and information security practitioners.
IT Policy Compliance Group
The IT Policy Compliance Group promotes the development of research and information that will help IT security professionals meet the policy and regulatory compliance goals of their organizations.
IT Auditing: The Basics
IT Auditing: The Basics discusses risks, control objectives, and control techniques for selected high-payback IT audit areas that do not require a large degree of technical expertise.
itmWEB Information Technology Management WEB
The itmWEB site provides reference, methodology, and technical content on IT department management, technology support, and project leadership.
Jefferson Wells International
Jefferson Wells International delivers operating, consulting and training solutions in internal auditing, tax, accounting and finance, and technology.
KBA Group interprets and implements solutions to assist organizations with SAS 70 audits, IT and business control assessments, Sarbanes-Oxley Section 404 implementation, remediation and maintenance, and outsourced internal audits.
Protiviti KnowledgeLeader online internal audit and risk management subscription service provides tools, templates, checklists, white papers, risk models, and other materials to manage business and technology risk.
KPMG's international network of industry professionals, products, and technologies provides tailored services to address the complex business challenges faced by global clients.
OSTERIO Group provides training and consulting to business executives, managers, and internal auditors working in the risk, control, assurance, and internal audit fields.
PRI Audit & Control
PRI Audit & Control provides internal audit outsourcing and helps organizations to complete audit plans and conduct audits in foreign languages.
Proactively Detecting Occupational Fraud Using Computer Audit Reports
Written by Rich Lanza, this CD-ROM self-study course is designed to help auditors, fraud examiners, and management implement data analysis routines for fraud prevention and detection.
Protiviti provides independent business and technology risk consulting and internal audit services to help clients identify, measure, and manage operational and technology-related risks.
This Web site provides general information about the Statement on Auditing Standards (SAS) No. 70 (SAS70).
Skeleton Star Inc.
Skeleton Star provides products and services based on sound business practices, principles, and guidance, enabling small and mid-size businesses to achieve the focus, discipline, and structure they need.
This site provides SQL server performance tuning and optimization tips, an overview of the SQL server security model and security best practices, and information and articles for enhancing audits.
Support for Improvement in Governance and Management (Sigma)
Sigma is a joint initiative of the Organisation for Economic Co-operation and Development and the European Union that assists nations in modernizing public governance systems and provides reports on current governance reform projects.
SysTrust uses specific criteria to evaluate availability, security, integrity, and maintainability to enable certified public accountants to evaluate the reliability of a system.
The Internal Auditing World Wide Web (IAWWW)
The IAWWW provides online, real-time international communications, real-time help and access, information, knowledge, non-filtered discussions and electronic conferences, and an access list of peers.
The SOX Group
The SOX Group specializes in Sarbanes-Oxley Section 404 IT compliance, including process narratives, policies and procedures, risk and control assessments, testing, and remediation.
Tripwire offers IT change audit solutions and helps enterprises ensure regulatory compliance, network security, and system availability. The Web site features educational webcasts and white papers.
U.S. GAO/NSAA Management Planning Guide for Information Systems Security Auditing
This document from the U.S. Government Accountability Office (GAO) and National State Auditors Association (NSAA) outlines procedures for information systems security audits in federal, state, and local government agencies. [PDF]
U.S. National Institute of Standards and Technology (NIST)
The National Institute of Standards and Technology (NIST) publishes guidelines in many areas of information technology security, control, management, and auditing.
U.S. NIST Computer Security Resource Center (CSRC)
The National Institute of Standards and Technology's (NIST's) CSRC collects and disseminates computer security information and resources to help users, systems administrators, managers, and security professionals better protect their data and systems.