Volume 3, 2012

The ISACA Journal is dedicated to the publication of managerial and technical guidance from experienced global authors to enhance the proficiency and competitive advantage of its international readership. With volume 3, 2012, the Journal focuses on the theme Audit Process, with articles on SOC progress, audit evidence, and communication, among others.

Journal
- Current Issue
- JOnline
- Past Issues
  - 2013
  - 2012
    - Volume 6
    - Volume 5
    - Volume 4
    - Volume 3
    - Volume 2
    - Volume 1
  - 2011
  - 2010
  - 2009
  - 2008
  - 2007
  - 2006
  - 2005
  - 2004
  - 2003
  - 2002
  - 2001
  - 2000
- Journal Author Blog
- Submit an Article
- Advertise
- CPE Quizzes
- Current Digital Journal
- Journal Mobile Apps

Cloud Computing

Cloud Computing as an Integral Part of a Modern IT Strategy

Kai-Uwe Ruhse, CISA, PCI QSA, and Maria Baturova
This article describes real cloud computing project case studies, which show that moving to the cloud is an important strategic decision for IT managers.

CPE Quiz

Quiz 142

Based on Volume 1, 2012

Features

A Primer on Nonrelational, Distributed Databases for IS Professionals

Steve Markey
Once thought of as a technology solely for academia, non-RDBMS are now reaching critical mass in industry.

Adopting Continuous Auditing/Continuous Monitoring in Internal Audit

Miklos A. Vasarhelyi, Ph.D., Silvia Romero, Ph.D., Siripan Kuenkaikaew, CISA, and Jim Littley
This article examines how internal audit has progressed with the implementation of CA/CM.

Audit Evidence Refresher

Ookeditse Kamau, CISA, CIA
Quality evidence collected during the audit process enhances the overall quality of the work performed and significantly reduces audit risk.

Communication—The Missing Piece

Danny M. Goldberg, CISA, CGEIT, CCSA, CIA, CPA
Interpersonal and communication skills are as, or more, important than general audit capabilities.

Haruspex—Simulation-driven Risk Analysis for Complex Systems

Fabrizio Baiardi, Claudio Telmon, CISA, CISSP, and Daniele Sgandurra, Ph.D.
Haruspex is a risk evaluation methodology defined and implemented by the research group on risk management in the Department of Computer Science at the University of Pisa, Italy.

Project Portfolio Management

Aarni Heiskanen, LJK
A program or project portfolio explains how an organization is implementing its strategy with projects.

SOC Progress Report

Brian Vazzana, CISA, CITP, CPA
SOC reports examine the controls present at the service organizations and consider how those controls are designed and operate.

Five Questions

Five Questions With...

Robert Findlay, CISA
Robert Findlay has had a 30-year career in a variety of IT roles, including computer operations, programming, project management, IT audit and emergency project management.

Information Ethics

Policy Vacuums

Vasant Raval, CISA, DBA
A cohesive effort on all fronts by the community of organizations could lead to best practices, benchmarks and even accreditation standards in the arena of information ethics.

Information Security Matters

This Should Not Be Happening

Steven J. Ross, CISA, CISSP, MBCP
To accelerate investments in security, we security professionals must do a better job of communicating the reality of the threats that our organizations face.

IT Audit Basics

Auditing Applications, Part 1

Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This two-part article describes one framework for performing effective audits of applications.

Online Exclusive

JOnline: Book Review—Security, Audit and Control Features Oracle PeopleSoft, 3rd Edition

ISACA | Reviewed by Shasikanth Malipeddi, CISA
Oracle PeopleSoft HCM is one of the most commonly used human capital management (HCM) system found in medium to large companies in the US.

JOnline: Book Review—The Operational Risk Handbook for Financial Companies

Brian Barnier | Reviewed by Horst Karin, Ph.D., CISA, CRISC, CISSP, ITIL
In the last years, it has become more and more evident that there is a growing gap between taking financial risk and the liability for taking risk.

JOnline: Transitioning From SAS 70 to SSAE 16

Pritam Bankar, CISA, CISM and Harmeet Kaur, CEH
This article highlights the need for SSAE 16, the notable differences and similarities between SSAE 16 and SAS 70, and estimates the effort required to transition to the new standard

Standards, Guidelines, Tools and Techniques

ISACA Member and Certification Holder Compliance
An up-to-date listing of the current IT Audit and Assurance Standards, Guidelines, and Tools and Techniques

Translated Articles

コミュニケーション—欠けている構成要素

Danny M. Goldberg 氏 (CISA、CGEIT、CCSA、CIA、CPA)
対人スキルおよびコミュニケーションスキルは、一般的な監査能力に勝るとも劣らないくらい重要です。

監査証拠復習

Ookeditse Kamau 氏 (CISA、CIA)
監査プロセス中に質の高い証拠を収集できれば、遂行している作業全体の質が高まり、監査リスクが軽減します.


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC

World Congress: INSIGHTS	Training Week	Webinars
North America CACS	eLearning Campus	Virtual Conferences
EuroCACS / ISRM	On-Site Training
Governance, Risk and Control	Exam Review Courses	COBIT EDUCATION
North America ISRM
Latin America CACS / ISRM
Oceania CACS
Asia-Pacific CACS / ISRM


COBIT 5 Home
Product Family
Training & Accreditation
Licensing
Join the Conversation
News
Recognition
FAQs

ISACA: Serving IT Governance Professionals

Volume 3, 2012

Read the Digital Journal