Swanson on Internal Auditing: Raising the Bar

A culmination of 26 years' experience in the internal audit field, this book encompasses a compilation of articles that the author, Dan Swanson, an internal audit veteran - has prepared over the years. It is a comprehensive, yet concise, work which discusses numerous different internal audit challenges and practices, all in one place. It can serve as a roadmap to develop that true internal audit function. It opens with chapters that explain the internal audit function as a concept, and then proceeds through the specific topics that internal auditors must know: risk management, IT security, business continuity, ethics and compliance, and much more.

Table of Contents:
Introduction PART 1: INTERNAL AUDITING Chapter 1: Introduction to Internal Audit The internal-audit function, from step zero Setting long-term goals for internal audit What is internal auditing? Chapter 2: The Professional Practice of Internal AuditError! Bookmark not defined. 20 questions for directors to ask internal auditors Giving the finance department the audit it deserves How to weigh IT investment decisions The tipping point for board oversight of IT Auditing ethics and compliance programs Establishing accountability for your antifraud efforts Auditing to spot fraud, from start to end Chapter 3: Improving Internal-Audit Results The vital need for quality internal auditing Enhancing your internal-audit performance The art of expressing an internal-audit opinion Driving internal audit with risk assessments Giving internal audit an effective mandate The value of performance measurementA" Chapter 4: My Favorites Auditing system conversions 20 questions directors should ask about internal audit The role of auditing in public sector governance Avoiding IS icebergs OCEG Internal Audit Guide (OIAG) Improving information technology is always needed IT audit, assurance, security and control standards Improving information security! (An endless task) Auditing compliance and ethics Chapter 5: IIA Related Guidance International Professional Practices Framework (IPPF) ... Internal audit standards: why they matter 20 questions directors should ask about internal audit Organizational governance: guidance for internal auditors The role of internal auditing in enterprise-wide risk management The role of auditing in public sector governance Establishing an internal audit shop The role of internal auditing in resourcing the internal audit activity Internal control over financial reporting: guidance for smaller public companies 2 Purchase this title at www.itgovernance.co.uk/products/3109 COSO enterprise risk management: integrated framework Chapter 6: Priorities for the Coming Decade Auditing your enterprise risk management program Internal audit's seat at the governance table Are you protecting your digital assets? Operational resiliency: a business priority! PART 2: IT AUDITING Chapter 7: Tackling IT Audit The importance of auditing IT projects well Auditing a company's IT strategies Ensuring technology changes are well managed Auditing information security: are you protected? Scoping out an audit of privacy programs Educating staff leads to improved IT security Auditing records management How to audit business continuity programs The tipping point for board oversight of IT Chapter 8: Healthcare Internal Auditing New perspectives on healthcare risk management, control and governance Auditing IT initiatives is recommended quality practice ... Auditing IT investment management: how aligned is it and the business in your organization? Finance needs to be high performing! Improve IT security: educate staff Privacy: our next organizational challenge? Are your audit priorities aligned with the organization's needs? Chapter 9: IT-Audit Checklists The IT-audit checklist series IT-audit checklist: information security IT-audit checklist: change management IT-audit checklist: IT governance and strategy IT-audit checklist: privacy and data protection IT-audit checklist: risk management Chapter 10: AUDITNET(R) Dan Swanson's Columns AuditNet(R) Dan Swanson's columns (the summary) Internal auditors and fraud: a 2010 resource keeper Some summer reading: from the summer of 2009 Information security management: part 1 of 2 Improving corporate risk management! Building security in (is needed)! Making information systems work How IT governance drives improved performance Privacy: our next organizational challenge? Risk oversight leadership is needed! Board oversight of IT is needed 3 Purchase this title at www.itgovernance.co.uk/products/3109 CERT's podcast series: security for business leaders Technical communications Business continuity and disaster recovery leadership Chapter 11: IT World Canada: IT Security Resource Blog IT World Canada: IT security resource blog Have you started your journey yet? Teaching staff to fish How to think for yourself Auditing to avoid IS icebergs Being prepared and in control The importance of internal audits All about the IIA Inside the EDPACS newsletter High availability: the next challenge A fistful of risk management resources Get to know auditing S&P's global regulatory framework for credit ratings The book on security engineering Technology does not fix process! NIST's security framework Improving the practice of IT Compliance, fraud and business continuity Improving your privacy practices The finance function Getting more resilient Retooling your IT security plans Staying accountable Best practices abound Built-in security Back to the future From ethics to college basketball Keeping tabs on governance and risk Study the work of others Continuous improvement is a priority It's all about the architecture Security audits are always useful Don't let change just happen The boy scout motto is there for a reason Technology is the business Study: the key to success (it's that simple) Can you recover from a disaster? An educated and motivated workforce is your best defense Just who is responsible for information security? Project management makes things happen Don't reinvent the wheel Don't reinvent the security wheel 4 Purchase this title at www.itgovernance.co.uk/products/3109 Research complements practice and you do need to know both Good leadership AND good management are needed Do you search out knowledge and wisdom? Guidance only supports practice Chapter 12: Sentinel: The IT Governance Newsletter ... Sentinel archive: access link Chapter 13: CIO Canada: IT Management Columns ... Positioning the CIO for success Helping management understand IT planning Planning, projects and control Time for information security management to go to warError! Bookmark not defined. Taking stock of projects Your online HR management checklist Towards effective IT governance Chapter 14: Keeping Our Kids Safe! Make a difference! The WIRED KIDS website A call to action: be a cyber-secure kid! The National Child Exploitation Coordination Centre ... The National Center for Missing & Exploited Children ... Security awareness for Ma, Pa and the corporate clueless . PART 3: MAKING A DIFFERENCE Chapter 15: Learn from the Past and ThinkA" Nobody's perfect On quality management, Dr Deming, and candles: the last graduate student remembers her mentor The goal: a process of ongoing improvement Crucial conversations: tools for talking when stakes are high Appendix A: EDPACS Articles The state of IT auditing in 2007 Appendix B: IIA Standards Appendix C: Global Technology Audit Guides Appendix D: A Primer on Corporate Duties Appendix E: Assurance Conundrum Appendix F:The Perils of Mount Must ReadA': Confessions of a Cliff Note Junky Appendix G: Norman Marks on Governance Appendix H: Charles Le Grand on Technology ITG Resources