IT Auditing and Sarbanes-Oxley Compliance: Key Strategies for Business Improvement

  • 5h 49m
  • Dimitris N. Chorafas
  • CRC Press
  • 2009

Information technology auditing and Sarbanes-Oxley compliance have several overlapping characteristics. They both require ethical accounting practices, focused auditing activities, a functioning system of internal control, and a close watch by the board’s audit committee and CEO. Written as a contribution to the accounting and auditing professions as well as to IT practitioners, IT Auditing and Sarbanes-Oxley Compliance: Key Strategies for Business Improvement links these two key business strategies and explains how to perform IT auditing in a comprehensive and strategic manner.

Based on 46 years of experience as a consultant to the boards of major corporations in manufacturing and banking, the author addresses objectives, practices, and business opportunities expected from auditing information systems. Topics discussed include the concept of internal control, auditing functions, internal and external auditors, and the responsibilities of the board of directors.

The book uses several case studies to illustrate and clarify the material. Its chapters analyze the underlying reasons for failures in IT projects and how they can be avoided, examine critical technical questions concerning information technology, discuss problems related to system reliability and response time, and explore issues of compliance.

The book concludes by presenting readers with a “what if” scenario. If Sarbanes-Oxley legislation had passed the U.S. Congress in the late 1990s or even 2000, how might this have influenced the financial statements of Enron and Worldcom? We can never truly know the answer, but if companies make use of the procedures in this book, debacles such as these – and those which led to the 2007-2008 credit and banking crisis – will remain a distant memory.

About the Author

Since 1961, Dr. Dimitris N. Chorafas has advised financial institutions and industrial corporations in strategic planning, risk management, computers and communications systems, and internal controls. A graduate of the University of California, Los Angeles, the University of Paris, and the Technical University of Athens, Dr. Chorafas is also a Fulbright scholar.

Financial institutions that have sought his assistance include the Union Bank of Switzerland, Bank Vontobel, CEDEL, the Bank of Scotland, Credit Agricole, Österreichische Länderbank (Bank Austria), First Austrian Bank, Commerzbank, Dresdner Bank, Demir Bank, Mid-Med Bank, Banca Nazionale dell’Agricoltura, Istituto Bancario Italiano, Credito Commerciale, and Banca Provinciale Lombarda.

Among multinational corporations, Dr. Chorafas has worked as a consultant to top management for General Electric-Bull, Univac, Honeywell, Digital Equipment Corporation, Olivetti, Nestlé, Omega, Italcementi, Italmobiliare, AEG-Telefunken, Olympia, Osram, Antar, Pechiney, the American Management Association, and a host of other client firms in Europe and the United States.

Dr. Chorafas has served on the faculty of the Catholic University of America and as a visiting professor at Washington State University, George Washington University, University of Vermont, University of Florida, Georgia Institute of Technology, University of Alberta, Technical University of Karlsruhe, Ecole d’Etudes Industrielles de l’Université de Genève, École Polytechnique Fédérale de Lausanne, Polish Academy of Sciences, and Russian Academy of Sciences.

More than 8,000 banking, industrial, and government executives have participated in his seminars in the United States, England, Germany, Italy, other European countries, Asia, and Latin America.

Dr. Chorafas is the author of 145 books, some of which have been translated into 16 languages.

In this Book

  • Internal Control and Information Technology
  • Case Studies on Internal Control’s Contribution
  • Auditing Functions
  • Internal and External Audit
  • The Board’s Accountability for Audit
  • Auditing the Information Technology Functions
  • Strategic IT Auditing—A Case Study
  • A Constructive View—Suggestions for IT Restructuring
  • A Broader Perspective of IT Auditing
  • Auditing IT Response Time and Reliability
  • Auditing the Security System
  • Sarbanes-Oxley Compliance and IT’s Contribution
  • What If—Backtesting Sarbanes-Oxley