Description
The purpose of this book is to help understand how information technology (IT) affects risks, what controls should be implemented to mitigate risks and how controls can be tested and assessed to provide assurance to management, customers and auditors. This book focuses on system assurance, i.e., assurance that risks are adequately mitigated with internal controls. It discusses assurance from the perspectives of management and auditors. Many chapters of this book provide guidelines to auditors in identifying and testing internal controls.
