Auditing at the speed of risk requires internal auditors to rethink the way we work. Agile auditing provides a path forward that blends the best elements from agile project management and internal audit best practices. Leaders in internal audit are ready to incorporate an agile audit mindset in their departments, but most of the available resources provide theoretical ideas. Even when outside consultants lead an agile transition, the consultants primarily focus on adding agile ceremonies without addressing the fundamental mindset change required for an agile audit transformation. This book provides a practical guide for audit leaders to follow as a playbook for implementing agile across their department, impacting every facet of the audit lifecycle, and addressing the mental shift required for making a lasting change. Every chapter includes discussion questions to facilitate discourse or just to help you analyze your own department. Next, we look at a typical internal audit department as they attempt the transition from a traditional audit methodology to agile auditing so we can learn from their missteps and successes. The guidance in Agile Audit Transformation and Beyond includes the basics of agile auditing, practical directions for shifting each phase of the audit life cycle, common hurdles faced during the transition, and forward-looking thought leadership on expanding beyond internal audit into agile assurance.

Beyond Agile Auditing shows auditors and organizational leaders how to revolutionize the audit experience. For decades, auditors have unintentionally struck fear in their clients. They are rarely welcomed into an area with open arms and are often viewed as one more obstacle to delivering value. But internal audit serves a vital function in reducing risk and ensuring success for all organizations. In Beyond Agile Auditing, experienced audit and risk management leader Clarissa Lucas shows organizations how to go beyond collaboration and build a partnership between auditors and clients. By leveraging this partnership, organizations can experience more value-added audit work, faster time to results (and resolution), greater engagement and satisfaction from all parties involved, and gain a competitive advantage in the marketplace, By building upon the work of the DevOps community, which reinvented the relationship between two groups that historically saw each other as adversaries and obstacles, Lucas applies new and better ways of working to the audit process. In this reimagined world, auditors (as well as other assurance providers) work closely with their clients to become strategic differentiators instead of obstacles, providing stakeholders value they never imagined. Come join us in this brave new world of audit.

Cognitive Risk is a book about the least understood but most pervasive risk to mankind – human decision-making. Cognitive risks are subconscious and unconscious influence factors on human decision-making: heuristics and biases. To understand the scope of cognitive risk, we look at case studies, corporate and organizational failure, and the science that explains why we systemically make errors in judgment and repeat the same errors. The book takes a multidisciplinary and pedestrian stroll through behavioral science with a light touch, using stories to explain why we consistently make cognitive errors that not only increase risks but also simultaneously fail to recognize these errors in ourselves or our organizations. This science has deep roots in organizational behavior, psychology, human factors, cognitive science, and behavioral science all influenced by classic philosophers and enabled through advanced analytics and artificial intelligence. The point of the book is simple. Humans persist with bounded rationality, but as the speed of information, data, money, and life in general accelerates, we will need the right tools to not only keep pace but to survive and thrive. In light of all these factors that complicate risk, the book offers a foundational solution. A cognitive risk framework for enterprise risk management and cyber security. There are five pillars in a cognitive risk framework with five levels of maturity, yet there is no universally prescribed maturity level. It is more a journey of different paths. Each organization will pursue its own path, but the goal is the same – to minimize the errors that could have been avoided. We explain why risks are hard to discuss and why we systematically ignore the aggregation of these risks hidden in collective decision-making in an organization. The cognitive risk framework is a framework designed to explore the two most complex risks organizations face: uncertainty and decision-making under uncertainty. The first pillar is cognitive governance, which is a structured approach for institutionalizing rational decision-making across the enterprise. Each pillar is complimentary and builds on the next in a succession of continuous learning. There is no endpoint because the pillars evolve with technology. Enterprise risk is a team effort in risk intelligence grounded in a framework for good decision-making. We close with a call to become designers of risk solutions enabled by the right technology and nurtured by collaboration. We hope you enjoy the book with this context.

1. Equip professionals with holistic and structured knowledge regarding establishing and implementing privacy framework and program. 2. Gain practical guidance, tools, and templates to manage complex privacy and data protection subjects with cross-functional teams. 3. Gain the knowledge in measuring privacy program and operating it in a more efficient and effective manner.

Let’s be realistic here. Ordinary K-12 educators don’t know what "cybersecurity" is and could probably care less about incorporating it into their lesson plans. Yet, teaching cybersecurity is a critical national priority. So, this book aims to cut through the usual roadblocks of confusing technical jargon and industry stovepipes and give you, the classroom teacher, a unified understanding of what must be taught. That advice is based on a single authoritative definition of the field. In 2017, the three societies that write the standards for computing, software engineering, and information systems came together to define a single model of the field of cybersecurity. It is based on eight building blocks. That definition is presented here. However, we also understand that secondary school teachers are not experts in arcane subjects like software, component, human, or societal security. Therefore, this book explains cybersecurity through a simple story rather than diving into execution details. Tom, a high school teacher, and Lucy, a middle school teacher, are tasked by their district to develop a cybersecurity course for students in their respective schools. They are aided in this by "the Doc," an odd fellow but an expert in the field. Together they work their way through the content of each topic area, helping each other to understand what the student at each level in the educational process has to learn. The explanations are simple, easy to understand, and geared toward the teaching aspect rather than the actual performance of cybersecurity work. Each chapter is a self-contained explanation of the cybersecurity content in that area geared to teaching both middle and high school audiences. The eight component areas are standalone in that they can be taught separately. But the real value lies in the comprehensive but easy-to-understand picture that the reader will get of a complicated field.

Becoming a customer-focused, versatile, and resilient organization is the goal of many of the agile transformations we are seeing in Germany and Austria, regardless of company size or industry. The journey for organizations is not easy - sometimes it is even bumpier than it needs to be. One thing is certain: there is no single right way - no "happy path" - to achieve an agile transformation, because the individual requirements of countless organizations cannot be met by a one-size-fits-all approach to change. However, there are tools that make the journey easier and sustainable success more likely. Even when transformations go through a crisis - which is more common than you might think - there are reasons to remain optimistic. The authors of this book work at the heart of transformation activities. They design strategies for agile transformations, bring derailed transformations back on track, and guide people in the organization until they are able to design the next stages of change themselves. All of the approaches presented in this book are backed by experience and proven to work.

This up-to-date self-study system offers 100% coverage of every topic on the 2016 version of the CISA exam The fully revised new edition delivers complete coverage of every topic on the latest release of the Certified Information Systems Auditor (CISA) exam. Written by an IT security and auditing expert, CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition, covers all five exam domains developed by the Information Systems Audit and Control Association (ISACA). This effective self-study system features learning objectives at the beginning of each chapter, in-depth explanations of each topic, and accurate practice questions. Each chapter includes Exam Tips that highlight key exam information, hands-on exercises, a chapter summary that serves as a quick review, and end-of-chapter questions that simulate those on the actual exam. Designed to help you pass the CISA exam with ease, this trusted guide also serves as an ideal on-the-job reference. The latest edition of this trusted resource offers complete, up-to-date coverage of all the material included on the latest release of the Certified Information Systems Auditor exam. Written by an IT security and audit expert, CISA Certified Information Systems Auditor All-in-One Exam Guide, Third Edition covers all five exam domains developed by ISACA®. You’ll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISA exam with ease, this comprehensive guide also serves as an essential on-the-job reference for new and established IS auditors. COVERS ALL EXAM TOPICS, INCLUDING: • IT governance and management • Information systems audit process • Information systems life-cycle management • IT service delivery and infrastructure • Information asset protection Electronic content includes: • 400 practice exam questions in the Total Tester exam engine--take full-length practice exams or customizable quizzes by exam topic (Windows only)

"All-in-One is All You Need" The new edition of this trusted resource offers complete, up-to-date coverage of all the material included on the latest release of the Certified Information Systems Auditor exam. Written by an IT security and audit expert, CISA Certified Information Systems Auditor All-in-One Exam Guide, Second Edition covers all five exam domains developed by the Information Systems Audit and Control Association (ISACA). You'll find learning objectives at the beginning of each chapter, exam tips, practice exam questions, and in-depth explanations. Designed to help you pass the CISA exam with ease, this comprehensive guide also serves as an essential on-the-job reference. Covers all exam topics, including: IT governance and management IS audit process IT life-cycle management IT service delivery and infrastructure Information asset protection CD-ROM features: 200+ practice exam questions PDF copy of the book

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. Includes CISA All-in-One Exam Guide & CISA Practice Exams as well as a bonus Quick Review Guide -- all for 20% less than purchasing the books individually Take ISACA’s challenging Certified Information Systems Auditor (CISA) exam with complete confidence using this comprehensive self-study collection. Comprised of CISA Certified Information Systems Auditor All-in-One Exam Guide, Fourth Edition, CISA Certified Information Systems Auditor Practice Exams, and bonus digital content, this bundle contains 100% coverage of every topic in the 2019 CISA Job Practice. You will get real-world examples, professional insights, and concise explanations. CISA Certified Information Systems Auditor Bundle contains practice questions that match those on the live exam in content, style, tone, format, and difficulty. Every topic on the test is covered, including the information systems auditing process; governance and management of IT; information systems acquisition, development, and implementation; information systems operations and business resilience; and protection of information assets. This authoritative bundle serves both as a study tool AND a valuable on-the-job reference for auditing and security professionals. • Contains up-to-date coverage of all five exam domains • Online content includes 450 practice exam questions in a customizable test engine and a bonus quick review guide • Written by IT auditing expert and best-selling author, Peter Gregory