Higher Education

Information Technology Auditing, 3rd Edition

  • includes ACL CD-ROM
  • James A. Hall Lehigh University
  • ISBN-10: 1439079110  |  ISBN-13: 9781439079119
  • 672 Pages
  • Previous Editions: 2005, 2000
  • © 2011 | Published
  • College Bookstore Wholesale Price = $157.50
  • Newer Edition Available
  *Why an online review copy?
  • It's the greener, leaner way to review! An online copy cuts down on paper and on time. Reduce the wait (and the weight) of printed texts. Your online copy arrives instantly, and you can review it anytime from your computer or favorite mobile device.

If you prefer a print copy to review, please contact your representative.



IT AUDITING is an innovative and cutting edge product, which provides students an understanding of how to audit accounting information systems, including such new and expanded coverage of enterprise systems, fraud and fraud detection topics as continuous online auditing. It ensures a solid background in traditional auditing as well as in the auditing of accounting information systems. Students will gain a true understanding of how these audits take place in the real world.

Features and Benefits

  • A RISK ANALYSIS APPROACH. This text focuses on identifying key threats and describes the audit tests and procedures in the following areas: Operating Systems (mainframes and PCs), Data Management, Systems Development, Electronic Commerce (including networks, EDI and Internet risks), Organizational Structure, Computer Center, and Computer Applications (Revenue and Expenditure cycle).
  • COMPUTER AIDED AUDIT TOOLS and TECHNIQUES (CAATTs) are used in today's most cutting edge, modern organizations. These are discussed and illustrated in an easy to understand manner for the student.
  • COMPUTER CONTROL ISSUES and their impact on both operational efficiency and the auditor's attest responsibility are dealt with thoroughly in this edition.

Table of Contents

1. Auditing, Assurance, and Internal Control.
2. IT Governance.
3. System Security I--Networks and Operating Systems.
4. System Security II--Data Management.
5. Systems Development and Program Change Procedures.
6. Overview of Transaction Processing and financial Reporting Systems.
7. Computer-Assisted Audit Tools and Techniques.
8. CAATTs for Data Extraction and Analysis.
9. Application Controls and Substantive Testing I--The Revenue Cycle.
10. Application Controls and Substantive Testing II--The Expenditure Cycle.
11. Enterprise Resource Planning Systems.
12. Ethics, Fraud Schemes and Fraud Detection.

What's New

  • An Updated and Reorganized Chapter 1, Auditing, Assurance, and Internal Control, provides an overview of IT audit issues and auditor responsibilities that follow Sarbanes-Oxley (SOX) legislation, the COS) internal control model, and SAS 109.
  • Chapters 2, 3, 4, and 5 have been updated and significantly revised to present General Control and audit issues in accordance with SOX and COSO framework as follows:Chapter 2, IT Governance, includes structuring the IT function, disaster recovery planning, and IT outsourcing.Chapter 3, System Security I--Networks and Operating Systems, deals with network and operating system risks, controls, and audit procedures.Chapter 4, System Security II--Data Management Systems, examines database risks, controls, and audit issues.Chapter 5, Systems Development and Program Change Procedures, presents the risks, control and audit procedures related to the system development life cycle.
  • A New Chapter 6, Overview of Transaction Processing and Financial Reporting Systems, has been added that provides the foundation for material covered in subsequent chapters pertaining to application controls, tests, of controls, and substantive tests.
  • A Revised Chapter 8, CAATTs for Data Extraction and Analysis, now focuses more heavily on the relational database model. Understanding database structures and normalization principles is essential in performing data extraction for substantive tests.
  • New Appendix to Chapter 8 has been added to provide students with a comprehensive, accounting-oriented data normalization example. This chapter also introduces ACL, which several subsequent chapters draw upon in performing audit tests.
  • Updated Chapter 12, Ethics, Fraud Schemes and Fraud Detection, reflects current auditor responsibilities for detecting fraud. The material has been expanded to address a wider range of fraud techniques.
  • The end-of-chapter questions, problems, and cases have been extensively revised and expanded in most chapters.


All supplements have been updated in coordination with the main title. Select the main title's "About" tab, then select "What's New" for updates specific to title's edition.

For more information about these supplements, or to obtain them, contact your Learning Consultant.

Instructor Supplements

Solution Manual  (ISBN-10: 0538469285 | ISBN-13: 9780538469289)

The Solutions Manual, available online only, contains answers to all of the end-of-chapter material in the text.

Meet the Author

Author Bio

James A. Hall

James A. Hall is a Professor of Accounting, Co-Director of the Computer Science and Business program, and the Peter E. Bennett Chair in Business and Economics at Lehigh University in Bethlehem, PA. After his discharge from the U.S. Army, he entered the University of Tulsa in 1970 and received a BSBA in 1974 and an MBA in 1976. He earned his Ph.D. from Oklahoma State University in 1979. Hall has worked in the field of systems analysis and computer auditing, and has served as consultant in these areas to numerous organizations. Dr. Hall has published articles in the JOURNAL OF ACCOUNTING, AUDITING & FINANCE, JOURNAL OF MIS, COMMUNICATIONS OF THE ACM, JOURNAL OF MANAGEMENT SYSTEMS, MANAGEMENT ACCOUNTING, JOURNAL OF COMPUTER INFORMATION SYSTEMS, THE JOURNAL OF ACCOUNTING EDUCATION, THE REVIEW OF ACCOUNTING INFORMATION SYSTEMS, and other professional journals. He is also the author of ACCOUNTING INFORMATION SYSTEMS, 9E, published by South-Western College Publishing. His research interests include internal controls, computer fraud, and IT outsourcing.