Welcome
Chapter 1
- AICPA IFRS Resources. What is IFRS? http://www.ifrs.com/ifrs_faqs.html#q1 (accessed October 2016).
- American Institute of Certified Public Accountants (AICPA), 2011 Top Technology Initiatives, http://www.aicpa.org/InterestAreas/InformationTechnology/Resources/TopTechnologyInitiatives/Pages/2011TopTechInitiatives.aspx.
- Chen, Y., Paxson, V., & Katz, R. H. (2010). What’s new about cloud computing security? tech. report UCB/EECS-2010-5, EECS Dept., Univ. of California, Berkeley, 2010; www.eecs.berkeley.edu/Pubs/TechRpts/2010/EECS-2010-5.html.
- Cloud computing in 2016 - Private company issues and opportunities. Deloitte.
- http://www2.deloitte.com/us/en/pages/deloitte-growth-enterprise-services/articles/private-company-cloud-computing.html (accessed October 2016).
- EY Big Data and Analytics in the Audit Process. EY Center for Board Matters' September 2015. http://www.ey.com/Publication/vwLUAssets/ey-big-data-and-analytics-in-the-audit-process/$FILE/ey-big-data-and-analytics-in-the-audit-process.pdf (accessed December 2015).
- Final Version of NIST Cloud Computing Definition Published. https://www.nist.gov/news-events/news/2011/10/final-version-nist-cloud-computing-definition-published (accessed October 2011).
- Gallegos, F., Due professional care, Inf. Syst. Control J., 2, 25–28, 2002.
- Gallegos, F., IT auditor careers: IT governance provides new roles and opportunities, IS Control J., 3, 40–43, 2003.
- Gallegos, F. and A. Carlin, IT audit: A critical business process, Computer Magazine, pp. 87–89, Vol. 40, No. 7, IEEE, July 2007.
- Gartner IT Glossary, n.d. Gartner IT Glossary (n.d.). http://www.gartner.com/it-glossary/big-data/ (accessed October 2016).
- Gartner's 2015 Hype Cycle for Emerging Technologies Identifies the Computing Innovations That Organizations Should Monitor. http://www.gartner.com/newsroom/id/3114217 (accessed July 2015).
- Gartner Says the Internet of Things Will Transform the Data Center. http://www.gartner.com/newsroom/id/2684616 (accessed October 2014).
- High Technology Crime Investigation Association, HTCIA.org.
- Ibrahim, Nargiz. "IT audit 101: internal audit is responsible for evaluating whether IT risks are appropriately understood, managed, and controlled." Internal Auditor. http://go.galegroup.com/ps/i.do?id=GALE%7CA372553480&sid=googleScholar&v=2.1&it=r&linkaccess=fulltext&issn=00205745&p=AONE&sw=w&authCount=1&u=melb26933&selfRedirect=true (accessed June 2014).
- IDC, “Worldwide Public Cloud Services Spending Forecast to Reach $266 Billion in 2021, According to IDC”, USA, http://www.idc.com/getdoc.jsp?containerId=prUS42889917 (accessed July 2017).
- Information Systems Audit and Control Foundation, COBIT, 5th Edition, Information Systems Audit and Control Foundation, Rolling Meadows, IL, http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx (accessed June 2012).
- Information Systems Audit and Control Association, 2011 CISA Examination Domain, ISACA Certification Board, Rolling Meadows, IL, 2010.
- ISACA, Innovation Insights: Top Digital Trends That Affect Strategy, USA, www.isaca.org/knowledge-Center/Research/Pages/isaca-innovation-insights.aspx (accessed March 2015).
- ISACA Innovation Insights. ISACA. http://www.isaca.org/knowledge-center/research/pages/cloud.aspx (accessed September 2016).
- ISACA Innovation Insights. ISACA. http://www.isaca.org/knowledge-Center/Research/Pages/isaca-innovation-insights.aspx (accessed September 2016).
- ISACA's Glossary. ISACA. http://www.isaca.org/Pages/Glossary.aspx?tid=1095&char=A (accessed October 2016).
- ISACA's Glossary. ISACA. http://www.isaca.org/Pages/Glossary.aspx?tid=1490&char=I (accessed October 2016).
- ISACA's Glossary. ISACA. http://www.isaca.org/Pages/Glossary.aspx?tid=1489&char=I (accessed October 2016).
- ISACA, The Code of Professional Ethics, Information Systems Audit Control Association Website, www.isaca.org.
- ISACA’s Programs Aligned with the Model Curriculum for IS Audit and Control. ISACA. http://www.isaca.org/knowledge-center/academia/pages/programs-aligned-with-model-curriculum-for-is-audit-and-control.aspx (accessed October 2016).
- Nelson, B., A. Phillips, and C. Steuart. Guide to Computer Forensics and Investigations, Course Technology, Cengage Learning, Boston, MA, 2010.
- Otero, A. R. “Impact of IT Auditors’ Involvement in Financial Audits”, International Journal of Research in Business and Technology, Vol. 6, No. 3, pp. 841 - 849, 2015.
- PCI Security. PCI Security Standards Council. https://www.pcisecuritystandards.org/pci_security/ (accessed October 2016).
- SANS' Information Security Policy Templates. https://www.sans.org/security-resources/policies/general (accessed October 2016).
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Singleton, T., The ramifications of the Sarbanes–Oxley, IS Control J., 3, 11–16, 2003.
- Statements on Auditing Standards. AICPA. http://www.aicpa.org/research/standards/auditattest/pages/sas.aspx#SAS117 (accessed October 2016).
- Takabi, H., Joshi, J. B. D., & Ahn, G. (2011). Security and privacy challenges in cloud computing environments. IEEE Security and Privacy, 8(6), 24-31.
- TechAmerica Foundation's Federal Big Data Commission Demystifying big data: A practical guide to transforming the business of Government (2012) http://www.techamerica.org/Docs/fileManager.cfm?f=techamerica-bigdatareport-final.pdf (accessed December 2012).
- The Best Mobile Device Management (MDM) Solutions of 2016. PC Magazine. http://www.pcmag.com/article/342695/the-best-mobile-device-management-mdm-software-of-2016 (accessed November 2016).
- The Comprehensive National CyberSecurity Initiative, http://www.whitehouse.gov/cybersecurity/comprehensive-national-cybersecurity-initiative (accessed July 2012).
- The Institute of Internal Auditors. Definition of Internal Auditing. https://www.iia.org.au/aboutIIA/definitionOfIA.aspx (accessed October 2016).
- Top 10 ERP Software Vendors and Market Forecast 2015-2020. Apps Run The World. https://www.appsruntheworld.com/top-10-erp-software-vendors-and-market-forecast-2015-2020/ (accessed October 2016).
- U.S. Securities and Exchange Commission. SEC Announces Financial Fraud Cases. Press Release, https://www.sec.gov/news/pressrelease/2016-74.html (accessed October 2016).
- What is Cloud Computing? PC Magazine. http://www.pcmag.com/article2/0,2817,2372163,00.asp (accessed November 2016).
- Worldwide Public Cloud Services Spending Forecast to Double by 2019, According to IDC. http://www.idc.com/getdoc.jsp?containerId=prUS40960516 (accessed October 2016).
Chapter 2
- Author unknown, 2009 Internet Crime Report, Internet Crime Complaint Center IC3, March 12, 2010, p. 14, June 2, 2010, http://www.ic3.gov/media/annualreport/2009_IC3Report.pdf.
- Author unknown, The Department of Justice’s Efforts to Combat Identity Theft, US Department of Justice Office of the Inspector General, March 2010, June 2, 2010, http://www.justice.gov/oig/reports/plus/a1021.pdf.
- CIPHER—Electronic Newsletter of the Technical Committee on Security and Privacy, A Technical Committee of the Computer Society of the IEEE, http://www.ieee-security.org/cipher.html.
- Computer Security Division, Computer Security Resource Center. NIST. http://csrc.nist.gov/groups/SMA/fisma/overview.html (accessed October 2016).
- Computer Crime Statutes. National Conference of State Legislatures. Accessed on October. http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx (accessed January 2017).
- Confidentiality breach: Hospital sent patient records to auto shop. Questex LLC. http://www.fiercehealthcare.com/story/confidentiality-breach-hospital-sent-patient-records-auto-shop/2010-06-28 (accessed January 2017).
- Cybersecurity Legislation 2016. National Conference of State Legislatures. http://www.ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2016.aspx (accessed October 2016).
- China Continuing Cyber Attacks on U.S. Networks. The Washington Free Beacon. http://freebeacon.com/national-security/china-continuing-cyber-attacks-on-u-s-networks/ (accessed October 2016).
- Data Disposal Laws. National Conference of State Legislatures. http://www.ncsl.org/research/telecommunications-and-information-technology/data-disposal-laws.aspx (accessed October 2016).
- Data Protection. Privacy International. https://www.privacyinternational.org/node/44 (accessed November 2016).
- Federal Bureau of Investigation. Public Service Announcement. Criminals Host Fake Government Services Web Sites to Acquire Personally Identifiable Information and to Collect Fraudulent Fees. http://www.ic3.gov/media/2015/150407-2.aspx (accessed December 2015).
- Gallegos, F., Federal Laws Affecting IS Audit and Control Professionals, EDP Auditing Series #72-10-20, Auerbach Publishers, Boca Raton, FL, 2001, pp. 1–20.
- Health IT Legislation and Regulations. HealthIT.gov.
https://www.healthit.gov/policy-researchers-implementers/health-it-legislation (accessed October 2016). - Hathaway, Oona A., Rebecca Crootof, Philip Levitz, Haley Nix, Aileen Nowlan, William Perdue, and Julia Spiegel. "The Law of Cyber-Attack." California Law Review 100, no. 4 (2012): 817-85. http://www.jstor.org/stable/23249823.
- Herath, T., & Rao, H. R. (2009). Encouraging information security behaviors in organizations: Role of penalties, pressures, and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
- HITECH Act Enforcement Interim Final Rule. U.S. Department of Health & Human Services. http://www.hhs.gov/hipaa/for-professionals/special-topics/HITECH-act-enforcement-interim-final-rule/ (accessed November 2016).
- HG.org Legal Resources. Information Technology Law - Guide to IT Law. https://www.hg.org/information-technology-law.html#1 (accessed October 2016).
- How to Comply with the Privacy of Consumer Financial Information Rule of the Gramm-Leach-Bliley Act. 2002. Federal Trade Commission. https://www.ftc.gov/tips-advice/business-center/guidance/how-comply-privacy-consumer-financial-information-rule-gramm#whois
- Inserra, David. 69th Islamist Terrorist Plot: Ongoing Spike in Terrorism Should Force Congress to Finally Confront the Terrorist Threat. The Heritage Foundation. http://www.heritage.org/research/reports/2015/06/69th-islamist-terrorist-plot-ongoing-spike-in-terrorism-should-force-congress-to-finally-confront-the-terrorist-threat
- Meaningful Use. Tech Target. http://searchhealthit.techtarget.com/definition/meaningful-use (accessed on October 2016).
- Medical Privacy—National Standards to Protect the Privacy of Personal Health Information, http://www.hhs.gov/ocr/hipaa/.
- New York Times, Twitter hacked by Syrian group. The Daily Star. http://www.thedailystar.net/news/new-york-times-twitter-hacked-by-syrian-group (accessed on February 2016)
- PCI Security. PCI Security Standards Council. https://www.pcisecuritystandards.org/pci_security/ (accessed on December 2016).
- Privacy. ISACA® Glossary of Terms. https://www.isaca.org/Knowledge-Center/Documents/Glossary/glossary.pdf
- Privacy Act of 1974 and Amendments, Document from the CPSR privacy/information archive, https://epic.org/privacy/1974act/
- Privacy Guidelines for NII Review of Proposed Principles of the Privacy Working Group, compiled by Electronic Privacy Information Center, http://www.epic.org.
- Russia suspected in cyberattacks on US news outlets. New York Post. http://nypost.com/2016/08/23/russia-suspected-in-cyber-attacks-on-us-news-outlets/ (accessed August 2016).
- Sarbanes-Oxley-101. Section 302: Corporate Responsibility for Financial Reports http://www.sarbanes-oxley-101.com/SOX-302.htm (accessed on August 2016).
- Sarbanes-Oxley-101. Section 404: Management Assessment of Internal Controls. http://www.sarbanes-oxley-101.com/SOX-404.htm (accessed on August 2016).
- Security Breach Notification Laws. National Conference of State Legislatures. http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx#1 (accessed on October 2016).
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- State Social Media Privacy Laws. National Conference of State Legislatures. http://www.ncsl.org/research/telecommunications-and-information-technology/state-laws-prohibiting-access-to-social-media-usernames-and-passwords.aspx (accessed on October 2016).
- UETA and ESIGN Act. DocuSign Inc. https://www.docusign.com/learn/esign-act-ueta (accessed December 2016).
- U.S. Congress, Computer Security Act of 1987, compiled by Electronic Privacy Information Center, http://www.epic.org/crypto/csa.
- U.S. Department of Health and Services, Office for Civil Rights—HIPAA, http://aspe.hhs.gov/admnsimp/pL104191.htm.
- U.S. Department of Justice, Federal Bureau of Investigation. 2016 Internet Crime Report. https://pdf.ic3.gov/2016_IC3Report.pdf (accessed on November 2016).
- U.S. Department of Justice, Federal Bureau of Investigation. 2015 Internet Crime Report. https://pdf.ic3.gov/2015_IC3Report.pdf (accessed on December 2015).
- U.S. Department of Justice, Federal Bureau of Investigation. 2014 Internet Crime Report. https://pdf.ic3.gov/2014_IC3Report.pdf (accessed on December 2015)
- U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Assistance. E-Government Act of 2002. https://www.it.ojp.gov/PrivacyLiberty/authorities/statutes/1287 (accessed on June 2013)
- United States formally accuses Russian hackers of political cyberattacks. Reuters. http://www.reuters.com/article/us-usa-cyber-russia-idUSKCN12729B (accessed on December 2016)
- U.S. Government Accountability Office, Testimony before Congressional Subcommittees on Information Security, February 14, 2008.
Chapter 3
- AICPA's Audit Analytics and Continuous Audit - Looking Toward the Future. Accessed in August 2017. Source: http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/DownloadableDocuments/AuditAnalytics_LookingTowardFuture.pdf
- Benson, J., The Importance of Monitoring. Internal Auditor. Institute of Internal Auditors, Altamonte Springs, FL, August 2007.
- Berry, L., A Kinder, Gentler Audit. Internal Auditor. Institute of Internal Auditors, Altamonte Springs, FL, October 2007.
- Bodin, L., Gordon, L., & Loeb, M. (2008). Information security and risk management. Communications of the ACM, 51(1), 64-68.
- Casas, E., Tell It Like It Is. Internal Auditor. Institute of Internal Auditors, Altamonte Springs, FL, October 2007.
- Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(1), 87-92.
- Chaney, C. and K. Gene, The Integrated Auditor. Internal Auditor. Institute of Internal Auditors, Altamonte Springs, FL, August 2007.
- Deloitte LLP (2014). IT Audit Planning Work Papers. Unpublished internal document.
- EY's Ten key IT considerations for internal audit - Effective IT risk assessment and audit planning. (February 2013). Insights on governance, risk and compliance. http://www.ey.com/Publication/vwLUAssets/Ten_key_IT_considerations_for_internal_audit/$FILE/Ten_key_IT_considerations_for_internal_audit.pdf
- Flipek, R., IT Audit Skills Found Lacking. Internal Auditor. Institute of Internal Auditors, Altamonte Springs, FL, June 2007.
- Gallegos, F., The audit report and follow up: Methods and techniques for communicating audit findings and recommendations, Inf. Syst. Control J., 4, 17–20, 2002.
- Gallegos, F. and L. Preiser-Houy, Reviewing Focus Database Applications, EDP Auditing Series, 74-10-23, Auerbach Publishers, Boca Raton, FL, 2001, pp. 1–24.
- Hyde, G., Enhanced Audit Testing. Internal Auditor. Institute of Internal Auditors, Altamonte Springs, FL, August 2007.
- Information Systems Audit and Control Foundation, COBIT, 5th Edition, Information Systems Audit and Control Foundation, Rolling Meadows, IL, http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx (accessed June 2012).
- IS Audit Basics. The Process of Auditing Information Systems. http://www.isaca.org/knowledge-center/itaf-is-assurance-audit-/pages/is-audit-basics.aspx (accessed July 2017).
- Manson, D. and F. Gallegos, Auditing DBMS Recovery Procedures, EDP Auditing Series, 75-20-45, Auerbach Publishers, Boca Raton, FL, September 2002, pp. 1–20.
- McAfee Labs 2017 Threats Predictions report issued on November 2016. https://www.mcafee.com/au/resources/reports/rp-threats-predictions-2017.pdf (accessed October 2017).
- McAfee Labs Threats Report - December 2016 https://www.mcafee.com/ca/resources/reports/rp-quarterly-threats-dec-2016.pdf (accessed October 2017).
- McCafferty, J. (2016). Five Steps to Planning an Effective IT Audit Program, MIS Training Institute. http://misti.com/internal-audit-insights/five-steps-to-planning-an-effective-it-audit-program
- Menkus, B. and F. Gallegos, Introduction to IT Auditing, #71-10-10.1, Auerbach Publishers, Boca Raton, FL, 2002, pp. 1–20.
- National Vulnerability Database. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/search (accessed August 2017).
- Otero, A. R. (2015). An Information Security Control Assessment Methodology for Organizations’ Financial Information, International Journal of Accounting Information Systems, Vol. 18, No. 1, pp. 26 - 45, 2015.
- Otero, A. R. (2015). Impact of IT Auditors' Involvement in Financial Audits, International Journal of Research in Business and Technology, Vol. 6, No. 3, pp. 841 - 849.
- Otero, A. R., Tejay, G., Otero, L. D., and Ruiz, A. (2012). A Fuzzy Logic-based Information Security Control Assessment for Organizations, IEEE Conference on Open Systems.
- Otero, A. R., Otero, C. E., Qureshi, A., (2010). A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features, International Journal of Network Security & Applications, Vol. 2, No. 4, pp. 1 - 11.
- Pareek, M., Optimizing Controls to Test as Part of a Risk-based Audit Strategy. Information Systems Audit and Control Association, Journal Online, 2006.
- Romney, M. B., & Steinbart, P. J. (2015). Accounting Information Systems 13E, Pearson Education.
- Richardson, V. J., Chang, C. J., & Smith, R. (2014). Accounting Information Systems. McGraw Hill
- SANS' Information Security Policy Templates. https://www.sans.org/security-resources/policies/general (accessed October 2016).
- Sarbanes-Oxley-101. Section 404: Management Assessment of Internal Controls. http://www.sarbanes-oxley-101.com/SOX-404.htm (accessed on August 2016).
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Singleton, T., The ramifications of the Sarbanes–Oxley Act, Inf. Syst. Control J., 3, 11–16, 2003.
- U.S. General Accounting Office, Assessing the Reliability of Computer Processed Data Reliability. https://digital.library.unt.edu/ark:/67531/metadc302511/ (accessed November 2016).
- U.S. General Accounting Office, Government Auditing Standards 2017 Exposure Draft. http://www.gao.gov/yellowbook (accessed May 2017).
- U.S. General Accounting Office, Standards for Internal Control in the Federal Government, September 2014, GAO/AIMD 00-21.3.1.
Chapter 4
- AICPA's Audit Analytics and Continuous Audit - Looking Toward the Future. Accessed in August 2017. Source: http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/DownloadableDocuments/AuditAnalytics_LookingTowardFuture.pdf
- AICPA, Information Technology Considerations in Risk-Based Auditing: A Strategic Overview, AICPA Top Technology Initiatives 2007, June 26, 2007.
- Barbin, D. and J. Patzakis, Cybercrime and forensics, IS Control J., 3, 25–27, 2002.
- Bates, T.J., Computer evidence—Recent issues, Inf. Sec. Tech. Rep., 5(2), 15–22, 2000.
- Braun, R. L., & Davis, H. E. (2003). Computer‐assisted audit tools and techniques: analysis and perspectives. Managerial Auditing Journal, 18:9, 725-731. http://www.emeraldinsight.com/doi/full/10.1108/02686900310500488
- Cerullo, V.M. and M.J. Cerullo, Impact of SAS No. 94 on computer audit techniques, IS Control J., 1, 53–57, 2003.
- Computer Forensic Tool Testing (CFTT) Project Website, National Institute of Standards and Technology, http://www.cftt.nist.gov/ (accessed March 2017)
- Deloitte LLP (2014). ACL for Auditors. Unpublished internal document.
- Deloitte LLP (2014). IT Audit Planning Work Papers. Unpublished internal document.
- EY's Ten key IT considerations for internal audit - Effective IT risk assessment and audit planning. (February 2013). Insights on governance, risk and compliance. http://www.ey.com/Publication/vwLUAssets/Ten_key_IT_considerations_for_internal_audit/$FILE/Ten_key_IT_considerations_for_internal_audit.pdf
- Gallegos, F., WebMetrics: Computer-Assisted Audit Tools, EDP Auditing Series, #73-20-50, Auerbach Publishers, Boca Raton, FL, 2001, pp. 1–16.
- Gallegos, F., Personal Computers in IT Auditing, EDP Auditing, #73-20-05, Auerbach Publishers, Boca Raton, FL, 2002, pp. 1–7.
- Guidance Software, Inc., EnCase Enterprise, Pasadena, CA. https://www.guidancesoftware.com (accessed September 2016)
- Heiser, J. and W. Kruse, Computer Forensics—Incident Response Essentials, Addison-Wesley, Reading, MA, 2002.
- IS Audit Basics. The Process of Auditing Information Systems. http://www.isaca.org/knowledge-center/itaf-is-assurance-audit-/pages/is-audit-basics.aspx (accessed July 2017).
- James Hall (2011), Information Technology Auditing 3e, South-Western Cengage Learning
- Kaplin, J., Leverage the Internet, Internal Auditor, Institute of Internal Auditors, June 2007.
- Kneer, D.C., Continuous assurance: We are way overdue, IS Control J., 1, 30–34, 2003.
- Laudon, K. C., & Laudon, J. P. (2014). Management Information Systems - Managing the Digital Firm 13 e. Pearson.
- McCafferty, J. (2016). Five Steps to Planning an Effective IT Audit Program, MIS Training Institute. http://misti.com/internal-audit-insights/five-steps-to-planning-an-effective-it-audit-program
- Otero, A. R. (2015). An Information Security Control Assessment Methodology for Organizations’ Financial Information, International Journal of Accounting Information Systems, Vol. 18, No. 1, pp. 26 - 45, 2015.
- Otero, A. R. (2015). Impact of IT Auditors' Involvement in Financial Audits, International Journal of Research in Business and Technology, Vol. 6, No. 3, pp. 841 - 849.
- Otero, A. R., Tejay, G., Otero, L. D., and Ruiz, A. (2012). A Fuzzy Logic-based Information Security Control Assessment for Organizations, IEEE Conference on Open Systems.
- Otero, A. R., Otero, C. E., Qureshi, A., (2010). A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features, International Journal of Network Security & Applications, Vol. 2, No. 4, pp. 1 - 11.
- Richardson, V. J., Chang, C. J., & Smith, R. (2014). Accounting Information Systems. McGraw Hill
- Romney, M. B., & Steinbart, P. J. (2015). Accounting Information Systems 13E, Pearson Education.
- Sarva, S. Continuous auditing through leveraging technology, Information Systems Audit and Control Association, JournalOnline, 2006.
- Sayana, S.A., Using CAATs to support IS audit, IS Control J., 1, 21–23, 2003.
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Singleton, T., Generalized audit software: Effective and efficient tool for today’s IT audits, Information Systems Audit and Control Association, JournalOnline, 2006.
- U.S. General Accounting Office, Assessing the Reliability of Computer Processed Data Reliability. https://digital.library.unt.edu/ark:/67531/metadc302511/ (accessed November 2016).
Chapter 5
- Anzola, L., IT Governance Regulation—A Latin American perspective, Inf. Syst. Control J., 2, 2005.
- Bagranoff, N. and L. Hendry, Choosing and using Sarbanes–Oxley software, Inf. Syst. Control J., 2, 2005.
- Basel Committee on Banking Supervision, Sound Practices for the Management and Supervision of Operational Risk, Consultative Document, issued December 2010, http://www.bis.org/publ/bcbs183.pdf.
- Brancheau, J., Janz, B., & Wetherbe, J. (1996). Key issues in information systems management: 1994–95 SIM delphi results. MIS Quarterly, 20(2), 225-242.
- Burg, W. and T. Singleton, Assessing the value of IT: Understanding and measuring the link between IT and strategy, Inf. Syst. Control J., 3, 2005.
- Carr, N., IT doesn’t matter, Harvard Business Review, Harvard Business School Publications, Boston, MI, 2003.
- Dietrich, R., After year one—Automating IT controls for Sarbanes–Oxley compliance, Inf. Syst. Control J., 3, 2005.
- Global Technology Audit Guide (GTAG) 17 - Auditing IT Governance. July 2012. https://iia.nl/SiteFiles/IIA_leden/Praktijkgidsen/GTAG%2017%20Auditing%20IT%20Governance%5B1%5D.pdf
- Ho Chi, J., IT governance regulation—An Asian perspective, Inf. Syst. Control J., 2, 2005.
- Information Systems Audit and Control Foundation, COBIT, 5th Edition, Information Systems Audit and Control Foundation, Rolling Meadows, IL, http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx (accessed June 2017).
- ISACA, COBIT 5: A Business Framework for the Governance and Management of Enterprise IT (ISACA, 2012), 94.
- ISO/IEC 27001 - Information security management. Accessed in January 2017. http://www.iso.org/iso/home/standards/management-standards/iso27001.htm
- IT Governance Defined. https://www.itgovernance.co.uk/it_governance (accessed on 2017).
- IT Governance Institute. COBIT Mapping of ITIL V3 With COBIT 4.1. Rolling Meadows, IL: ISACA, 2008. Digital.
- IT Governance Institute. COBIT Mapping of ISO/IEC 17799 – 2005 With COBIT 4.0. Rolling Meadows, IL: ISACA, 2006. Digital.
- IT Governance Institute. COBIT Mapping of NIST SP800-53 Rev 1 With COBIT 4.1. Rolling Meadows, IL: ISACA, 2007. Digital.
- IT Governance Institute, Global Status Report on the Governance of Enterprise IT (GEIT)—2011, http://www.isaca.org/Knowledge-Center/Research/Documents/Global-Status-Report-GEIT-10 Jan2011-Research.pdf
- Jesse Schroeder, "Framework Comparison," NeverSys, September 6, 2015. http://neversys.com/2015/09/06/framework-comparison
- Jones, W., IT governance regulation—An Australian perspective, Inf. Syst. Control J., 2, 2005.
- Kendall, K., Streamlining Sarbanes–Oxley compliance, Internal Auditor, pp. 39–44, 2007.
- KPMG, Leveraging IT To Reduce Costs and Improve Responsiveness, KPMG International, New York, 2006.
- Leung, L., ISACA introduces IT governance certification, Network World, 2007, http://www.networkworld.com/newsletters/edu/2007/0910ed1.html.
- Mack, R. and N. Frey, Six Building Blocks for Creating Real IT Strategies, Gartner Group, Stamford, CT, R-17-63607, December 11, 2002.
- Martinsons, M., Davison, R., & Tse, D. (1999). The balanced scorecard: A foundation for the strategic management of information systems, Decision Support Systems, 25 (1), 71-88.
- Parkinson, M. and N. Baker, IT and enterprise governance, Inf. Syst. Control J., 3, 2005.
- Pohlman, M. B. (2008). Compliance Frameworks. Oracle Identity Management: Governance, Risk, and Compliance Architecture, Third Edition by New York: Auerbach Publications. http://www.infosectoday.com/Articles/Compliance_Frameworks.htm
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Van Grembergen, W., & De Haes, S. (2006). Measuring and improving IT governance through the balanced scorecard. Inf. Syst. Control J., 2, 2005.
- Van Grembergen, W. (2000). The Balanced Scorecard and IT Governance. Challenges of Information Technology Management in the 21st Century, 2000 Information Resources Management Association International Conference, Anchorage, Alaska, USA, May 21-24, 2000. https://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-Enterprise-IT/Prepare-for-the-Exam/Study-Materials/Documents/The-Balanced-Scorecard-and-IT-Governance.pdf
- Williams, P., IT Alignment: Who Is in Charge? IT Governance Institute, Rolling Meadows, IL, 2005.
Chapter 6
- Bodin, L., Gordon, L., & Loeb, M. (2008). Information security and risk management. Communications of the ACM, 51(1), 64-68.
- Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(1), 87-92.
- Deloitte LLP (2014). ACL for Auditors. Unpublished internal document.
- Deloitte LLP (2014). IT Audit Planning Work Papers. Unpublished internal document.
- Ernst & Young, Integrated Risk Management Practices, Unpublished PowerPoint slides, 2010.
- Fenz, S., & Ekelhart, A. (2010). Verification, validation, and evaluation in information security risk management. IEEE Security and Privacy, 1-14.
- Institute of Internal Auditors, https://na.theiia.org/standards-guidance/Pages/Standards-and-Guidance-IPPF.aspx.
- Information Systems Audit and Control Association (ISACA). (2011). Is the IT Risk Worth a Control? Defining a Cost-value Proposition Paradigm for Managing IT Risks. Available at http://www.isaca.org/Journal/Past-Issues/2008/Volume-6/Pages/Is-the-IT-Risk-Worth-a-Control-Defining-a-Cost-value-Proposition-Paradigm-for-Managing-IT-Risks1.aspx
- IS Audit Basics. The Process of Auditing Information Systems. http://www.isaca.org/knowledge-center/itaf-is-assurance-audit-/pages/is-audit-basics.aspx (accessed July 2017).
- ISO/IEC 27005:2011 Information technology — Security techniques — Information security risk management. ISO 27001 Security. Source: http://www.iso27001security.com/html/27005.html
- ISO/IEC 27005:2011 Information technology — Security techniques — Information security risk management. Source: https://www.iso.org/standard/56742.html
- Keblawi, F., & Sullivan, D. (2007). The case for flexible NIST security standards. IEEE Computer Society, 40(6), 19-26.
- Lindros, K., & Tittel, E. (2016). What is cyber insurance and why you need it. CIO. Source: http://www.cio.com/article/3065655/cyber-attacks-espionage/what-is-cyber-insurance-and-why-you-need-it.html
- Mayo, J. W. (2009). Risk Management for IT Projects. ISACA. http://www.isaca.org/Groups/Professional-English/risk-management/GroupDocuments/Effective_Project_Risk_Management.pdf
- McCafferty, J. (2016). Five Steps to Planning an Effective IT Audit Program, MIS Training Institute. http://misti.com/internal-audit-insights/five-steps-to-planning-an-effective-it-audit-program
- National Association of Financial Services Auditors, Enterprise Risk Management, Spring 2002, pp. 12–13.
- Otero, A. R. (2015). An Information Security Control Assessment Methodology for Organizations’ Financial Information, International Journal of Accounting Information Systems, Vol. 18, No. 1, pp. 26 - 45, 2015.
- Otero, A. R. (2015). Impact of IT Auditors' Involvement in Financial Audits, International Journal of Research in Business and Technology, Vol. 6, No. 3, pp. 841 - 849.
- Otero, A. R., Tejay, G., Otero, L. D., and Ruiz, A. (2012). A Fuzzy Logic-based Information Security Control Assessment for Organizations, IEEE Conference on Open Systems.
- Otero, A. R., Otero, C. E., Qureshi, A., (2010). A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features, International Journal of Network Security & Applications, Vol. 2, No. 4, pp. 1 - 11.
- Professional Risk Managers' International Association (PRMIA), Enterprise Risk Management (ERM): A Status Check on Global Best Practices, May 2008.
- Psica, A., Risk watch—Destination ahead, Internal Auditor, 2007, pp. 77–80.
- Richardson, V. J., Chang, C. J., & Smith, R. (2014). Accounting Information Systems. McGraw Hill
- Romney, M. B., & Steinbart, P. J. (2015). Accounting Information Systems 13E, Pearson Education
- Ross, R. (2007). Managing enterprise security risk with NIST standards. IEEE Computer Society, 40(8), 88-91. doi: 10.1109/MC.2007.284
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Singleton, T., What every IT auditor should know about the new risk suite standards, Information Systems Audit and Control Association, Inf. Syst. Control J., 5, 2007.
- Spacey, J. (2016). Five Types of Risk Treatment. Simplicable. http://simplicable.com/new/risk-treatment
- United States General Accounting Office, Information Security Risk Assessment Practices of Leading Organizations, U.S. GAO, Washington, DC http://www.gao.gov/special.pubs/ai00033.pdf (accessed January 2017).
- Unknown, GAIT for IT General Control Deficiency Assessment, The Institute of Internal Auditors, Altamonte Springs, FL, 2008.
- Unknown, GAIT for Business and IT Risk, The Institute of Internal Auditors, Altamonte Springs, FL, 2008.
- U.S. General Accounting Office, Assessing the Reliability of Computer Processed Data Reliability. https://digital.library.unt.edu/ark:/67531/metadc302511/ (accessed November 2016).
Chapter 7
- Australian Institute of Project Management (AIPM). https://www.aipm.com.au/about-us (accessed on June 20, 2017).
- Best, K., Zlockie, J., & Winston, R. (2011). International standards for project management. Paper presented at PMI® Global Congress 2011—North America, Dallas, TX. Newtown Square, PA: Project Management Institute.
- Bloch, M., Blumberg, S., & Laartz, J., "Delivering large-scale IT projects on time, on budget, and on value," McKinsey & Company - Digital McKinsey, October 2012, http://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/delivering-large-scale-it-projects-on-time-on-budget-and-on-value (accessed February 6, 2017).
- Cavusoglu, H., Mishra, B., & Raghunathan, S. (2004). A model for evaluating IT security investments. Communications of the ACM, 47(1), 87-92.
- Crawford, T. (2013). Big Data Analytics Project Management. CreateSpace Independent Publishing Platform. ISBN-13: 978-1492795391
- Doerscher, T., 2008 PMO 2.0 Survey Report. The Continued Evolution of the Project, Program and Portfolio Management Office (PMO), Planview, Inc., 2009.
- EY Big Data and Analytics in the Audit Process (2015). EY Center for Board Matters' September 2015. http://www.ey.com/Publication/vwLUAssets/ey-big-data-and-analytics-in-the-audit-process/$FILE/ey-big-data-and-analytics-in-the-audit-process.pdf.
- Flynn, T. A. (2007). Integration of the project management life cycle (PMLC) and the systems development life cycle (SDLC) in accelerated project efforts: adapting project management best practices to unreasonable requests. Paper presented at PMI® Global Congress 2007—North America, Atlanta, GA. Newtown Square, PA: Project Management Institute.
- Fuster, J. E. (2006). Comparison of the European Commission's project cycle management/logical framework approach with international PM standards and methodologies: PMBOK, IPMA's ICB, ISO 10,006, PRINCE2 and TenStep. Paper presented at PMI® Global Congress 2006—EMEA, Madrid, Spain. Newtown Square, PA: Project Management Institute.
- The Global Alliance for Project Performance Standards (GAPPS). http://globalpmstandards.org/about-us/ (accessed on June 20, 2017).
- Gartner Identifies Seven Best Practices for an Effective Project Management Office. April 2016. Press Release. Stamford, Connecticut. Source: http://www.gartner.com/newsroom/id/3294017
- Gartner IT Glossary, n.d. Gartner IT Glossary (n.d.). Retrieved from http://www.gartner.com/it-glossary/big-data/.
- Gilchrist, P. (2014). Project Management Skills For Managing Big Data Projects. The Project Manager's Guide to Big Data. Accessed on June 17, 2017. Source: http://www.freepmstudy.com/BigData/BigDataPMSkills.cshtml
- Gomolski, B. and M. Smith, Program and Portfolio Management: Getting to the Next Level, Gartner Research, G00155601, Gartner Group, Stamford, CT, November 27, 2006.
- HERMES Method Overview. http://www.hermes.admin.ch/onlinepublikation/index.xhtml (accessed on June 15, 2017).
- Impact of Big Data in Project Management. (2016). MC2 Group. http://www.mc2i.fr/Impact-of-Big-Data-in-Project-Management (accessed June 24, 2017).
- International Project Management Association (IPMA). http://www.ipma.world/about/ (accessed on June 20, 2017).
- ISO 10006:2003 Guidance - Quality Management Systems and Guidelines for Quality Management in Projects. https://www.iso.org/standard/36643.html (accessed on June 3, 2017).
- Katcherovski, V. (2012). 5 Effective Project Management Methodologies and When to Use Them. Logic Software, Inc. https://explore.easyprojects.net/blog/project-management-methodologies
- Learn About PMI. Project Management Institute (PMI). http://www.pmi.org/about/learn-about-pmi (accessed on June 17, 2017).
- Light, M. and M. Halpern, Understanding Product vs. Project Portfolio Management, Gartner Research, G00130796, Gartner Group, Stamford, CT, May 2, 2006.
- Methodology. Project Management Institute. https://www.pmi.org/learning/featured-topics/methodology (accessed June 14, 2017).
- Mullaly, M. (2013). Big Data & Project Management: Is There a Point? Project Management.Com. https://www.projectmanagement.com/articles/281365/Big-Data---Project-Management--Is-There-a-Point- (accessed on June 17, 2017).
- PMBOK® Guide and Standards. Project Management Institute (PMI). http://www.pmi.org/pmbok-guide-standards (accessed on June 17, 2017).
- Portfolio, Program, and Project Management. KPMG, LLP. https://advisory.kpmg.us/managementconsulting/capabilities/portfolio-program-and-project-management.html (accessed on June 2, 2017).
- Project Management Methodologies. TutorialsPoint. https://www.tutorialspoint.com/management_concepts/project_management_methodologies.htm (accessed June 14, 2017).
- Project Management Professional Exam Outline. (2017). Project Management Institute, Inc. http://www.pmi.org/-/media/pmi/documents/public/pdf/certifications/project-management-professional-exam-outline.pdf
- Project Management Professional Handbook. (2017). Project Management Institute, Inc. Source:http://www.pmi.org/-/media/pmi/documents/public/pdf/certifications/project-management-professional-handbook.pdf
- Scheid, J. (2015). Project Management Methodologies: How Do They Compare? Bright Hub Inc. Source: http://www.brighthubpm.com/methods-strategies/67087-project-management-methodologies-how-do-they-compare/
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Singleton, T., What every IT auditor should know about project risk management, Information Systems Audit and Control Association, JournalOnline, 2006.
- Smith, M., Express IT Project Value in Business Terms Using Gartner’s Total Value of Opportunity Methodology, Gartner Research, G00131216, Gartner Group, Stamford, CT, January 11, 2006.
- TechAmerica Foundation's Federal Big Data Commission Demystifying big data: A practical guide to transforming the business of Government (2012) Retrieved from http://www.techamerica.org/Docs/fileManager.cfm?f=techamerica-bigdatareport-final.pdf
- Total Cost Management (TCM) Framework. AACE International. Accessed June 14, 2017. Source: http://web.aacei.org/resources/publications/tcm
- What is PRINCE2? ILX Group 2017. https://www.prince2.com/usa/what-is-prince2 (accessed on June 15, 2017).
Chapter 8
- Adaptive Software Development. The Ultimate Guide to the SDLC. http://ultimatesdlc.com/adaptive-software-development/ (accessed on June 30, 2017).
- Automated Software Testing. TechTarget. http://searchsoftwarequality.techtarget.com/definition/automated-software-testing (accessed July 1, 2017).
- Black Box Testing. Software Testing Fundamentals. shttp://softwaretestingfundamentals.com/black-box-testing/ (accessed July 1, 2017).
- Deloitte LLP (2014). IT Audit Planning Work Papers. Unpublished internal document.
- Hettigei, N., The auditor’s role in IT development projects, Information Systems Audit and Control Association, Inf. Syst. Con. J., 4, 2005.
- ISO/IEC 12207:2013 - Systems and Software engineering Software Life Cycle Processes. International Organization for Standardization. https://www.iso.org/standard/43447.html (accessed July 6, 2017).
- Information Systems Audit and Control Foundation, IS Audit and Assurance Guidelines, ISACA, September 2014.
- JAD (Joint Application Development). http://searchsoftwarequality.techtarget.com/definition/JAD (accessed June 30, 2017).
- Jones, D.C., Kalmi, P., & Kauhanen, A. (2011). Firm and employee effects of an enterprise information system: micro-econometric evidence. International Journal of Production Economics, 130(2), 159-168
- Kanban. PM Methodologies. http://www.successfulprojects.com/PM-Topics/Introduction-to-Project-Management/PM-Methodologies (accessed June 29, 2017).
- Mallach, Efrem G. "Information System Conversion Strategies: A Unified View." In Managing Adaptability, Intervention, and People in Enterprise Information Systems, ed. Madjid Tavana, 91-105 (2011) (accessed July 05, 2017). doi:10.4018/978-1-60960-529-2.ch005
- Merhout, Jeff, and Mary Kovach. (2017). "Governance Practices over Agile Systems Development Projects: A Research Agenda."
- OWASP Secure Coding Practices - Quick Reference Guide. https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide (accessed June 28, 2017).
- Protiviti (2016) From Cloud, Mobile, Social, IoT and Analytics to Digitization and Cybersecurity: Benchmarking Priorities for Today’s Technology Leaders. https://www.knowledgeleader.com/KnowledgeLeader/Content.nsf/Web+Content/SRFromCloudMobileSocialIoTandAnalytics!OpenDocument (accessed June 28, 2017).
- Rama, J., Corkindaleb, D., & Wu, M. (2013). Implementation critical success factors (CSFs) for ERP: Do they contribute to implementation success and post-implementation performance? International Journal of Production Economics, 144(1), 157-174.
- Regression Testing. Microsoft Developer Network. https://msdn.microsoft.com/en-us/library/aa292167(v=vs.71).aspx (accessed July 1, 2017).
- Romney, M. B., & Steinbart, P. J. (2015). Accounting Information Systems 13E, Pearson Education.
- Schiesser, R., Guaranteeing Production Readiness Prior to Deployment, Prentice Hall PTR, New York, http://www.informit.com/isapi/product_id·%7B0CF23CBC-CDCC-4B50-A00E-17CBE595 AA31%7D/content/index.asp, verified on August 1, 2003.
- Scrum. PM Methodologies. http://www.successfulprojects.com/PM-Topics/Introduction-to-Project-Management/PM-Methodologies (accessed June 29, 2017).
- Secure Coding Practice Guidelines. Berkeley Information Security and Policy. https://security.berkeley.edu/secure-coding-practice-guidelines (accessed July 1, 2017).
- SEI CERT Coding Standards. (2017). Software Engineering Institute. Source: https://www.securecoding.cert.org/confluence/display/seccode/SEI+CERT+Coding+Standards
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Software Performance Testing. TechTarget. http://searchsoftwarequality.techtarget.com/definition/performance-testing (accessed July 1, 2017).
- The Seven Phases of the System-Development Life Cycle. Innovative Architects. https://www.innovativearchitects.com/KnowledgeCenter/basic-IT-systems/system-development-life-cycle.aspx (accessed June 27, 2017).
- Waters, K. (2010). 7 Key Principles of Lean Software Development. Lean Development. Source: http://www.101ways.com/7-key-principles-of-lean-software-development-2/
- What is Agile Software Development? Agile Alliance. https://www.agilealliance.org/agile101/ (accessed June 28, 2017).
- White Box Testing. Software Testing Fundamentals. http://softwaretestingfundamentals.com/white-box-testing/ (accessed July 1, 2017).
- US-CERT, Top 10 Coding Practices, Software Engineering Institute, Carnegie Mellon University, https://www.securecoding.cert.org/confluence/display/seccode/Top+10+Secure+Coding+Practices, March 2011.
Chapter 9
- A Survey of Key Concepts and Issues for Electronic Recordkeeping. 2003. Electronic Data Interchange. Source: https://www.ctg.albany.edu/publications/reports/key_concepts?chapter=3&PrintVersion=2
- Baker, S., S. Waterman, and G. Ivanov, In the Crossfire: Critical Infrastructure in the Age of Cyber War. 2010.
- Berkeley Information Security and Policy. Secure Coding Practice Guidelines. https://security.berkeley.edu/secure-coding-practice-guidelines (accessed in July 2017).
- Federal Bureau of Investigation (FBI), Financial Crimes Report to the Public Fiscal Years 2007 through 2011, Department of Justice, United States. http://www.fbi.gov/stats-services/publications/financial-crimes-report-2010-2011.
- Global Technology Audit Guide (GTAG) 8: Auditing Application Controls. The Institute of Internal Auditors. Source: https://na.theiia.org/standards-guidance/recommended-guidance/practice-guides/Pages/GTAG8.aspx (accessed in July 2017)
- GS1 EDI. GS1. https://www.gs1.org/edi (accessed in July 2017).
- ISACA. COBIT and Application Controls: A Management Guide. 2017. https://www.isaca.org/knowledge-center/research/researchdeliverables/pages/cobit-and-application-controls-a-management-guide.aspx
- ISACA. Web Application Security: Business and Risk Considerations. 2017. https://www.isaca.org/knowledge-center/research/researchdeliverables/pages/web-application-security-business-and-risk-considerations.aspx
- Jones, D.C., Kalmi, P., & Kauhanen, A. (2011). Firm and employee effects of an enterprise information system: micro-econometric evidence. International Journal of Production Economics, 130(2), 159-168.
- McAfee Labs 2017 Threats Predictions report issued on November 2016. Source: https://www.mcafee.com/au/resources/reports/rp-threats-predictions-2017.pdf
- McAfee Labs Threats Report - December 2016 Source: https://www.mcafee.com/ca/resources/reports/rp-quarterly-threats-dec-2016.pdf
- Morella, R. (August 2015). Auditing Web Applications. IT Audit Strategies for Web Applications. ISACA Geek Week. Source: http://www.isaca.org/chapters3/Atlanta/AboutOurChapter/Documents/GW2015/081115-10AM-WebAppSecurity.pdf.
- National Institute of Standards and Technology Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations, December 2014. Source: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf
- Odette. EDI Basics. https://www.edibasics.com/edi-resources/document-standards/odette/ (accessed in July 2017).
- Otero, A. R., “An Information Security Control Assessment Methodology for Organizations’ Financial Information,” International Journal of Accounting Information Systems, Vol. 18, No. 1, pp. 26 - 45, 2015.
- Otero, A. R. “Impact of IT Auditors’ Involvement in Financial Audits”, International Journal of Research in Business and Technology, Vol. 6, No. 3, pp. 841 - 849, 2015.
- Otero, A. R., Tejay, G., Otero, L. D., and Ruiz, A. "A Fuzzy Logic-based Information Security Control Assessment for Organizations", IEEE Conference on Open Systems, 2012.
- Otero, A. R., Otero, C. E., Qureshi, A., “A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features,” International Journal of Network Security & Applications, Vol. 2, No. 4, pp. 1 - 11, 2010.
- OWASP. OWASP Top 10 - 2013: Top 10 Most Critical Web Application Security Risks. https://www.owasp.org/index.php/Top_10_2013-Risk. 2013.
- OWASP Secure Coding Practices - Quick Reference Guide. https://www.owasp.org/index.php/OWASP_Secure_Coding_Practices_-_Quick_Reference_Guide (accessed in June 2017).
- Romney, M. B., & Steinbart, P. J. (2015). Accounting Information Systems 13E, Pearson Education
- Secure Coding Practice Guidelines. Berkeley Information Security and Policy. https://security.berkeley.edu/secure-coding-practice-guidelines (accessed in June 2017).
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Tradacoms. EDI Basics. http://www.edibasics.co.uk/edi-resources/document-standards/tradacoms/ (accessed in July 2017).
Chapter 10
- Burgess, A. (2009). Easy Version Control with Git. Envato Pty Ltd. Source: https://code.tutsplus.com/tutorials/easy-version-control-with-git--net-7449
- Common Weakness Enumeration (Version 2.10), http://cwe.mitre.org/ (accessed April 6, 2017).
- Corporate Executive Board, Change Management Models, Working Council for Chief Information Officers, January 2003.
- Deloitte LLP (2014). IT Audit Planning Work Papers. Unpublished internal document.
- Gallegos, F. and J. Yin, Auditing Oracle, EDP Auditing Series, #74-15-37, Auerbach Publishers, Boca Raton, FL, 2000, pp. 1–12.
- Gallegos, F. and A. Carlin, Key Review Points for Auditing Systems Development, EDP Auditing Series, #74-30-37, Auerbach Publishers, Boca Raton, FL, 2000, pp. 1–24.
- Getting Started - About Version Control. https://git-scm.com/book/en/v2/Getting-Started-About-Version-Control (accessed June 8, 2017).
- Global Technology Audit Guide (GTAG) 8: Auditing Application Controls. The Institute of Internal Auditors. Source: https://na.theiia.org/standards-guidance/recommended-guidance/practice-guides/Pages/GTAG8.aspx (accessed in July 2017).
- IS Audit Basics. The Process of Auditing Information Systems. http://www.isaca.org/knowledge-center/itaf-is-assurance-audit-/pages/is-audit-basics.aspx (accessed July 2017).
- Information Systems Audit and Control Foundation, IT Control Practice Statement: AI6 Manage Changes, Information Systems Audit and Control Foundation, https://www.isaca.org/popup/Pages/AI6-Manage-Changes.aspx
- ISACA. Web Application Security: Business and Risk Considerations. 2017. https://www.isaca.org/knowledge-center/research/researchdeliverables/pages/web-application-security-business-and-risk-considerations.aspx
- ISO/IEC 20000-1:2011. Information technology -- Service management -- Part 1: Service management system requirements. https://www.iso.org/standard/51986.html (accessed June 8, 2017).
- ITIL Change Management. (2016). BMC Software, Inc. Source: http://www.bmc.com/guides/itil-change-management.html
- Kling, R. and R. Lamb, IT and organizational change in digital economies: A sociotechnical approach, In Understanding the Digital Economy: Data Tools and Research, Brynjolfrson, E. and B. Kahin, Eds., MIT Press, Cambridge, MA, 2000, pp. 295–324.
- Melançon, D., Beyond checklists: A socratic approach to building a sustainable change auditing practices, Information Systems Audit and Control Association, Journal Online, 2006.
- Morella, R. (August 2015). Auditing Web Applications. IT Audit Strategies for Web Applications. ISACA Geek Week. Source: http://www.isaca.org/chapters3/Atlanta/AboutOurChapter/Documents/GW2015/081115-10AM-WebAppSecurity.pdf.
- National Institute of Standards and Technology Special Publication 800-53A, Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations, December 2014. Source: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53Ar4.pdf
- Oseni, E. Change management in process change, Information Systems Audit and Control Association, JournalOnline, 2007.
- Otero, A. R., “An Information Security Control Assessment Methodology for Organizations’ Financial Information,” International Journal of Accounting Information Systems, Vol. 18, No. 1, pp. 26 - 45, 2015.
- Otero, A. R. “Impact of IT Auditors’ Involvement in Financial Audits”, International Journal of Research in Business and Technology, Vol. 6, No. 3, pp. 841 - 849, 2015.
- Otero, A. R., Tejay, G., Otero, L. D., and Ruiz, A. "A Fuzzy Logic-based Information Security Control Assessment for Organizations", IEEE Conference on Open Systems, 2012.
- Otero, A. R., Otero, C. E., Qureshi, A., “A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features,” International Journal of Network Security & Applications, Vol. 2, No. 4, pp. 1 - 11, 2010.
- Richardson, V. J., Chang, C. J., & Smith, R. (2014). Accounting Information Systems. McGraw Hill
- Romney, M. B., & Steinbart, P. J. (2015). Accounting Information Systems 13E, Pearson Education.
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Software & Information Industry Association (SIIA), About SIIA, http://www.siia.net/membership/overview.asp.
- U.S. General Accounting Office, Federal Information System Controls Audit Manual: Vol. 1, Financial Statement Audits, AIMD-12.19.6, June 2001.
- Wallace, Dolores R. and Laura M. Ippolito. A Framework for the Development and Assurance of High Integrity Software. NIST Special Publication 500-223, December 1994, Section 3.4 “Software Configuration Management Process”. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication500-223.pdf and https://archive.org/details/frameworkfordeve5002wall (accessed March 28, 2017).
Chapter 11
- Barron, J. August 15, 2003. The Blackout of 2003: The Overview; Power Surge Blacks Out Northeast, Hitting Cities in 8 States and Canada; Midday Shutdowns Disrupt Millions. The New York Times. Source: http://www.nytimes.com/2003/08/15/nyregion/blackout-2003-overview-power-surge-blacks-northeast-hitting-cities-8-states.html
- Bartholomew, Dana. (2014). Los Angeles Daily News. Northridge Earthquake: 1994 quake still fresh in Los Angeles minds after 20 years. http://www.dailynews.com/general-news/20140111/northridge-earthquake-1994-disaster-still-fresh-in-los-angeles-minds-after-20-years
- Cloud Backup And Disaster Recovery Meets Next-Generation Database Demands Public Cloud Can Lower Cost, Improve SLAs And Deliver On-Demand Scale. (March 2014). Forrester Research, Inc. Source: http://scribd-download.com/cloud-backup-and-disaster-recovery-meets-next-generation-database-demands_58c8d228ee34353a2ee07a3e_txt.html
- Collins, T. (October 2015). Six Reasons Businesses Should Choose Cloud Backup. Atlantech Online, Inc. Source: https://www.atlantech.net/blog/6-reasons-businesses-should-choose-cloud-backup
- Cox, Ryan. (2013). 5 Notorious DDoS Attacks in 2013: Big Problem for The Internet of Things. SiliconANGLE Media, Inc. http://siliconangle.com/blog/2013/08/26/5-notorious-ddos-attacks-in-2013-big-problem-for-the-internet-of-things/
- Deloitte LLP (2014). IT Audit Work Papers. Unpublished internal document.
- Dobson Technologies. (2013). Whitepaper: 7 Reasons Why Businesses are Shifting to Cloud Backup. Source: http://www.dobson.net/wp-content/uploads/2013/04/7-Reasons-Businesses-are-Shifting-to-Cloud-Backup-Dobson.pdf
- Full, incremental or differential: How to choose the correct backup type. August 2008. TechTarget. Source: http://searchdatabackup.techtarget.com/feature/Full-incremental-or-differential-How-to-choose-the-correct-backup-type
- Govekar, M., D. Scott, R. J. Colville, D. Curtis, W. Cappelli, P. Adams, K. Brittain et al., Hype Cycle for IT Operations Management, 2006, Gartner Research G00141081, Stamford, CT, July 7, 2006.
- "How long must you keep your data?" Strategic Finance Magazine. January 2017 edition.
- Kageyama, Y. August 1, 2011. Honda's quarterly profit plunges on disaster. The San Diego Union-Tribune. Source: http://www.sandiegouniontribune.com/sdut-hondas-quarterly-profit-plunges-on-disaster-2011aug01-story,amp.html
- Microsoft’s Information Platform. (May 2014). Forrester Consulting study finds cost, business continuity benefits from cloud backup and disaster recovery. Source: ttps://blogs.technet.microsoft.com/dataplatforminsider/2014/05/02/forrester-consulting-study-finds-cost-business-continuity-benefits-from-cloud-backup-and-disaster-recovery/
- Otero, A. R., (2015). “An Information Security Control Assessment Methodology for Organizations’ Financial Information,” International Journal of Accounting Information Systems, Vol. 18, No. 1, pp. 26 - 45.
- Otero, A. R. (2015). “Impact of IT Auditors’ Involvement in Financial Audits”, International Journal of Research in Business and Technology, Vol. 6, No. 3, pp. 841 - 849.
- Otero, A. R., Tejay, G., Otero, L. D., and Ruiz, A. (2012). "A Fuzzy Logic-based Information Security Control Assessment for Organizations", IEEE Conference on Open Systems.
- Otero, A. R., Otero, C. E., Qureshi, A. (2010). “A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features,” International Journal of Network Security & Applications, Vol. 2, No. 4, pp. 1 - 11.
- Paquet, R., The Best Approach to Improving IT Management Processes, Gartner Research TU-17-3745, Stamford, CT, September 5, 2002.
- Senft, S., Gallegos, F, and Davis, A. (2012). Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Summary of "Lessons Learned" from Events of September 11 and Implications for Business Continuity. February 13, 2002. Securities and Exchange
Chapter 12
- AICPA's Audit Analytics and Continuous Audit - Looking Toward the Future. Accessed in August 2017. Source: http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/DownloadableDocuments/AuditAnalytics_LookingTowardFuture.pdf
- Auditing blockchain: A new frontier. PWC. https://www.pwc.com/us/en/financial-services/research-institute/blog/blockchain-audit-a-michael-smith.html (accessed in September 2017).
- Bacon, M.; “St. Jude Medical Finally Patches Vulnerable Medical IoT Devices,” TechTarget, 13 January 2017, http://searchsecurity.techtarget.com/news/450410935/St-Jude-Medical-finally-patches-vulnerable-medical-IoT-devices
- BI Intelligence, “Here’s How the Internet of Things Will Explode by 2020,” Business Insider, 31 August 2016, www.businessinsider.com/iot-ecosystem-internet-of-things-forecasts-and-business-opportunities-2016-2
- Blockchain & Cyber Security. Deloitte. https://www2.deloitte.com/content/dam/Deloitte/ie/Documents/Technology/IE_C_BlockchainandCyberPOV_0417.pdf (accessed in September 2017).
- Blockchain and distributed ledger technologies. ISO/TC 307. https://www.iso.org/committee/6266604.html (accessed in September 2017).
- Blockchain and the future of audit. EY. http://www.ey.com/gl/en/services/assurance/ey-reporting-blockchain-and-the-future-of-audit (accessed in September 2017).
- Cloud computing in 2016 - Private company issues and opportunities. Deloitte. Source: http://www2.deloitte.com/us/en/pages/deloitte-growth-enterprise-services/articles/private-company-cloud-computing.html
- Cloud Security Alliance. https://cloudsecurityalliance.org/about/ (accessed in August 2017).
- Cloud Security Alliance's CloudAudit Working Group. https://cloudsecurityalliance.org/group/cloudaudit/#_overview (accessed in June 2017).
- Cybercrime Tactics and Techniques for Q1 2017. Malware Labs. Source: https://www.malwarebytes.com/pdf/labs/Cybercrime-Tactics-and-Techniques-Q1-2017.pdf
- Da Veiga, A., & Eloff, J. H. P. (2007). An information security governance framework. Information Systems Management, 24(4), 361-372.
- Deloitte LLP (2014). IT Audit Work Papers. Unpublished internal document.
- Deloitte's Auditing the Internet of Things. https://www2.deloitte.com/gz/en/pages/risk/articles/auditing-the-internet-of-things.html (accessed in July 2017).
- Deloitte's Cloud Computing, The Non-IT Auditor's Guide to Auditing the Cloud.
https://www.iia.org.uk/media/1283828/cloud-computing-20150617.pdf (accessed in June 2017). - Disterer, G. (2013). ISO/IEC 27000, 27001 and 27002 for information security management. Journal of Information Security, 4(2), 92-100.
- Dubsky, Lance. (2016). Assessing Security Controls: Keystone of the Risk Management Framework. ISACA Journal, volume 6, 2016
- EY Big Data and Analytics in the Audit Process. 2015. EY Center for Board Matters' September 2015. http://www.ey.com/Publication/vwLUAssets/ey-big-data-and-analytics-in-the-audit-process/$FILE/ey-big-data-and-analytics-in-the-audit-process.pdf.
- EY's Cybersecurity and the Internet of Things.
http://www.ey.com/Publication/vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf (accessed in August 2017). - ForeScout, IoT Security Survey Results, https://www.forescout.com/iot-security-survey-results/ (accessed in June 2017).
- Gartner IT Glossary, n.d. Gartner IT Glossary (n.d.). Retrieved from http://www.gartner.com/it-glossary/big-data/ (accessed in October 2017).
- Gartner's 2015 Hype Cycle for Emerging Technologies Identifies the Computing Innovations That Organizations Should Monitor. 2015. http://www.gartner.com/newsroom/id/3114217
- Gartner Says the Internet of Things Will Transform the Data Center. 2014. http://www.gartner.com/newsroom/id/2684616
- Gikas, Constantine (2010). A general comparison of FISMA, HIPAA, ISO 27000 and PCI-DSS Standards". Information security journal. 19(3), 132.
- Golson, J.; “Car Hackers Demonstrate Wireless Attack on Tesla Model S,” The Verge, 19 September 2016, www.theverge.com/2016/9/19/12985120/tesla-model-s-hack-vulnerability-keen-labs
- Herath, T., & Rao, H. R. (2009). Encouraging information security behaviors in organizations: Role of penalties, pressures, and perceived effectiveness. Decision Support Systems, 47(2), 154-165.
- How to Navigate Blockchain—The Technology That Could Change Everything. ISACA. https://www.isaca.org/About-ISACA/Press-room/News-Releases/2017/Pages/ISACA-Guidance-How-to-Navigate-Blockchain.aspx (accessed in June 2017).
- IDC, “Worldwide Public Cloud Services Spending Forecast to Reach $266 Billion in 2021, According to IDC”, USA, 18 July 2017, http://www.idc.com/getdoc.jsp?containerId=prUS42889917
- IIA's Global Technology Audit Guide (GTAG): Understanding and Auditing Big Data. https://global.theiia.org/standards-guidance/recommended-guidance/practice-guides/Pages/GTAG-Understanding-and-Auditing-Big-Data.aspx (accessed in August 2017).
- ISACA, COBIT 5: A Business Framework for the Governance and Management of Enterprise IT (ISACA, 2012), 94.
- ISACA, Innovation Insights: Top Digital Trends That Affect Strategy, USA, 2015, www.isaca.org/knowledge-Center/Research/Pages/isaca-innovation-insights.aspx
- ISACA Innovation Insights. ISACA. http://www.isaca.org/knowledge-center/research/pages/cloud.aspx (accessed September 2016).
- ISACA's Internet of Things: Risk and Value Considerations.
https://www.isaca.org/knowledge-center/research/researchdeliverables/pages/internet-of-things-risk-and-value-considerations.aspx (accessed in August 2017). - ISACA's What Is Big Data and What Does It Have to Do With IT Audit?
https://www.isaca.org/Journal/archives/2013/Volume-3/Pages/What-Is-Big-Data-and-What-Does-It-Have-to-Do-With-IT-Audit.aspx (accessed in August 2017). - ISO/IEC 27001 - Information security management. http://www.iso.org/iso/home/standards/management-standards/iso27001.htm (accessed in January 2017).
- Mathews, L. September 2017. Equifax Data Breach Impacts 143 Million Americans. Forbes. Source: https://www.forbes.com/sites/leemathews/2017/09/07/equifax-data-breach-impacts-143-million-americans/#383e132356f8
- McAfee Labs 2017 Threats Predictions report issued on November 2016. https://www.mcafee.com/au/resources/reports/rp-threats-predictions-2017.pdf (accessed October 2017).
- McAfee Labs Threats Report - December 2016 https://www.mcafee.com/ca/resources/reports/rp-quarterly-threats-dec-2016.pdf (accessed October 2017).
- National Vulnerability Database. National Institute of Standards and Technology. https://nvd.nist.gov/vuln/search (accessed August 2017).
- NIST SP 800-144's Guidelines on Security and Privacy in Public Cloud Computing. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf (accessed in July 2017).
- NIST SP 800-124's Guidelines for Managing and Securing Mobile Devices in the Enterprise.
http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf (accessed in July 2017). - Otero, A. R. (2015). An Information Security Control Assessment Methodology for Organizations’ Financial Information, International Journal of Accounting Information Systems, 18(1), 26 - 45.
- Otero, A. R. (2015). Impact of IT Auditors' Involvement in Financial Audits, International Journal of Research in Business and Technology, 6(3), 841 - 849.
- Otero, A. R., Tejay, G., Otero, L. D., & Ruiz, A. (2012). A Fuzzy Logic-based Information Security Control Assessment for Organizations, IEEE Conference on Open Systems.
- Otero, A. R., Otero, C. E., & Qureshi, A., (2010). A Multi-Criteria Evaluation of Information Security Controls Using Boolean Features, International Journal of Network Security & Applications, 2(4), 1 - 11.
- OWASP's IoT Testing Guides.
https://www.owasp.org/index.php/IoT_Testing_Guides (accessed in August 2017). - Payment Card Industry Data Security Standards (PCI DSS)'s Security Standards for Account Data Protection. https://www.pcisecuritystandards.org/ (accessed in July 2017).
- PCI Security. 2016. PCI Security Standards Council. https://www.pcisecuritystandards.org/pci_security/
- PWC's A Guide to Cloud Audits.
http://www.pwc.com/us/en/risk-assurance-services/publications/assets/internal-cloud-audit-risk-guide.pdf (accessed in June 2017). - Ross, R. (2007). Managing enterprise security risk with NIST standards. IEEE Computer Society, 40(8), 88-91. doi: 10.1109/MC.2007.284
- Senft, S., Gallegos, F, & Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Singh, A. N., Picot, A., Kranz, J., Gupta, M. P., & Ojha, A. (2013). Information security management (ISM) practices: Lessons from select cases from India and Germany. Global Journal of Flexible Systems Management, 14(4), 225-239.
- Srinivasan, M. (2012). Building a Secure Enterprise Model for Cloud Computing Env. Academy of Information and Management Sciences Journal, 15(1), 127-133.
- TechAmerica Foundation's Federal Big Data Commission Demystifying big data: A practical guide to transforming the business of Government (2012) Retrieved from http://www.techamerica.org/Docs/fileManager.cfm?f=techamerica-bigdatareport-final.pdf
- The Best Mobile Device Management (MDM) Solutions of 2016. PC Magazine. http://www.pcmag.com/article/342695/the-best-mobile-device-management-mdm-software-of-2016
- Gressin, S. (September 2017). The Equifax Data Breach: What to Do. Federal Trade Commission - Consumer Information. Source: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do
- The SANS Institute's Cloud Security Framework Audit Methods.
https://www.sans.org/reading-room/whitepapers/cloud/cloud-security-framework-audit-methods-36922 (accessed in June 2017). - Top 10 ERP Software Vendors and Market Forecast 2015-2020. 2016. Apps Run The World.https://www.appsruntheworld.com/top-10-erp-software-vendors-and-market-forecast-2015-2020/
- United States General Accounting Office, CYBERCRIME—Public and Private Entities Face Challenges in Addressing Cyber Threats, GAO-07-705, June 22, 2007.
- United States General Accounting Office, Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks, GAO-08-526, May 21, 2008
- U.S. Department of Justice, Federal Bureau of Investigation. 2016 Internet Crime Report. https://pdf.ic3.gov/2016_IC3Report.pdf
- U.S. Department of Justice, Federal Bureau of Investigation. 2015 Internet Crime Report. https://pdf.ic3.gov/2015_IC3Report.pdf
- U.S. Department of Justice, Federal Bureau of Investigation. 2014 Internet Crime Report. https://pdf.ic3.gov/2014_IC3Report.pdf
- U.S. Supplement to the 2014 Global Economic Crime Survey, PricewaterhouseCoopers LLP, http://www.pwc.com/gx/en/economic-crime-survey/
- What is blockchain? (July 2017). Journal of Accountancy. Source: https://www.journalofaccountancy.com/issues/2017/jul/what-is-blockchain.html
- What is Cloud Computing? PC Magazine. 2016. http://www.pcmag.com/article2/0,2817,2372163,00.asp
- White-Collar Crime Overview. FBI Major Threats & Programs. What We Investigate. https://www.fbi.gov/investigate/white-collar-crime (accessed October 2017). Zorz, Z.; “Researchers Hack Vizio Smart TVs to Access Home Network,” Help Net Security, 12 November 2015, https://www.helpnetsecurity.com/2015/11/12/researchers-hack-vizio-smart-tvs-to-access-home-network/
Chapter 13
- Ambrose, C., A Sourcing Executive Can Help Optimize Sourcing and Vendor Relationships, Gartner Research, Gartner, Inc., Stamford, CT, April 24, 2006.
- AU-C Section 402. Audit Considerations Relating to an Entity Using a Service Organization. http://www.aicpa.org/Research/Standards/AuditAttest/DownloadableDocuments/AU-C-00402.pdf (accessed on September 2017).
- AU Section 324. Service Organizations. https://pcaobus.org/Standards/Auditing/pages/au324.aspx (accessed on September 2017).
- Brown, D. (2013). The SLA Conundrum - Executives see green. But everyone else knows it’s red inside. Source: http://www.kpmg-institutes.com/content/dam/kpmg/sharedservicesoutsourcinginstitute/pdf/2012/service-level-agreement-conundrum.pdf
- Bakalov, R. and F. Nanji. (2007). Offshore application development done right, Inf. Sys. Control J., 5.
- Benvenuto, N. and D. Brand. (2007). Outsourcing—A risk management perspective, Inf. Sys. Control J., 5.
- Corporate Executive Board, Case Studies of Software Purchasing Decisions, Working Council for Chief Information Officers, February 2013.
- Deloitte's 2016 Global Outsourcing Survey. Step on it! Outsourcing makes a beeline toward innovation. Source: https://www2.deloitte.com/us/en/pages/operations/articles/global-outsourcing-survey.html
- Deloitte's 2014 Global Outsourcing and Insourcing Survey. 2014 and Beyond. Source: https://www2.deloitte.com/content/dam/Deloitte/us/Documents/strategy/us-2014-global-outsourcing-insourcing-survey-report-123114.pdf
- Doig, C. 2016. The enterprise software acquisition funnel. CIO. Source: https://www.cio.com/article/3087545/software/the-enterprise-software-acquisition-funnel.html
- Doig, C. 2016. The payoff from a rigorous software selection. CIO. Source: https://www.cio.com/article/3091810/software/the-payoff-from-a-rigorous-software-selection.html
- Edmead, M. 2015. Using COBIT 5 to Measure the Relationship Between Business and IT. ISACA. Source: http://www.isaca.org/COBIT/focus/Pages/using-cobit-5-to-measure-the-relationship-between-business-and-it.aspx
- IT Governance Institute, Governance of Outsourcing, IT Governance Domain Practices and Competencies, 2005.
- Kennedy, C. (July 25, 2017). SSAE 18 vs SSAE 16: Key differences in the new SOC 1 standard. Online Tech. Source: http://resource.onlinetech.com/ssae-18-vs-ssae-16-key-differences-in-the-new-soc-1-standard/
- KPMG's State of the outsourcing, shared services, and operations industry 2017. HfS Research. Source: http://www.kpmg-institutes.com/content/dam/kpmg/sharedservicesoutsourcinginstitute/pdf/2017/business-operations-2017-hfs.pdf
- Kyte, A., Vendor Management Is a Critical Business Discipline, Gartner Research, Gartner, Inc., February 24, 2005.
- Moreno, H. 2016. How IT Service Management Delivers Value To The Digital Enterprise. Forbes. Source: https://www.forbes.com/sites/forbesinsights/2017/03/16/how-it-service-management-delivers-value-to-the-digital-enterprise/#54ff3bff732e
- Romney, M. B., & Steinbart, P. J. (2015). Accounting Information Systems 13th ed., Pearson Education
- Senft, S., Gallegos, F, and Davis, A. 2012. Information Technology Control and Audit. Boca Raton: CRC Press/Taylor & Francis.
- Singleton, T. W. 2013. How to Properly Audit a Client Who Uses a Service Organization—SOC Report or No SOC Report. ISACA. Source: https://www.isaca.org/Journal/archives/2013/Volume-1/Pages/How-to-Properly-Audit-a-Client-Who-Uses-a-Service-Organization-SOC-Report-or-No-SOC-Report.aspx
- SSAE-18 – An Update to SSAE 16 (Coming 2017). SSAE-16. https://www.ssae-16.com/ssae-18-an-update-to-ssae-16-coming-2017/ (accessed on September 2017).
- Statements on Standards for Attestation Engagements. AICPA. http://www.aicpa.org/Research/Standards/AuditAttest/Pages/SSAE.aspx (accessed on September 2017).
- The Vendor Management Program Office. Five deadly sins of vendor management. Deloitte. https://www2.deloitte.com/us/en/pages/operations/articles/vendor-management-program-office-five-deadly-sins-of-vendor-management.html (accessed on September 2017).
- Whittington, O. R. & Pany, K. (2014). Principles of Auditing & Other Assurance Services 20th ed. Boston: McGraw-Hill/Irwin.
- Xerox gives EDS $3.2 billion contract. UPI Archives. http://www.upi.com/Archives/1994/06/14/Xerox-gives-EDS-32-billion-contract/2209771566400/ (accessed on September 2017).