Advanced reading recommendations



              AICPA/ITEC. “Information Technology Considerations in Risk-Based Auditing” (discussion paper).
               2007.
              AICPA. SAS No. 104-111.
              AICPA, AU-C section 365, 400.
              AICPA, Trust Services (2017).
              COSO. “Internal Control over Financial Reporting – Guidance for Smaller Public Companies,” Volumes
               II (Guidance) and III (Evaluation Tools). 2006.
              Moeller, Robert R. IT Audit, Control, and Security. Hoboken, NJ: Wiley, 2010.
              PCAOB, AS5.
              Weber, Ron. Information Systems Control and Audit. Upper Saddle River, NJ: Prentice Hall, 1999.
              Laudon, Kenneth C. and Jane P. Laudon. Management Information Systems: Managing the Digital
                       th
               Firm, 11  ed. Upper Saddle River, NJ: Prentice Hall, 2009.
              Turban, E., R. Sharda, J. Aronson, and D. King, Business Intelligence: A Managerial Approach, 2nd ed.
               Upper Saddle River, NJ: Prentice Hall, 2010.
              Van Grembergen, Wim and Steven De Haes. Enterprise Governance of Information Technology:
               Achieving Strategic Alignment and Value, 2009 Edition. New York, NY: Springer, 2009.
              Van Grembergen, Wim and Steven De Haes. Business Strategy and Applications in Enterprise IT
               Governance. Hershey, PA: IGI Global, 2012.
              De Haes, Steven and Wim Van Grembergen. Enterprise Governance of Information Technology:
               Achieving Alignment and Value, Featuring COBIT 5, Second Edition. New York, NY: Springer, 2015.
              De Haes, Steven, Wim Van Grembergen, Anant Joshi, and Tim Huygh. Enterprise Governance of
               Information Technology: Achieving Alignment and Value in Digital Organizations, Third Edition. New
               York, NY: Springer, 2019.
              AICPA: www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/
               downloadabledocuments/soc2-vs-soc-for-cyber-brochure.pdf
              AICPA: www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/
               downloadabledocuments/cybersecurity/soc-2-vs-cyber-whitepaper-web-final.pdf
              AICPA: www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/
               downloadabledocuments/soc-for-service-organizations-brochure.pdf
              AICPA: www.aicpa.org/interestareas/frc/assuranceadvisoryservices/
               mappingsrelevanttothesocsuiteofservices.html
              AICPA: www.aicpa.org/interestareas/frc/assuranceadvisoryservices/soctoolkit-firms.html
              Kaplan Publishing Limited. Risk and Control of Information Systems. Durham, NC: AICPA, 2015.
              Kaplan Publishing Limited. Strategy Implementation & Change Management Track (Modules 7-12).
               Durham, NC: AICPA, 2015
              AICPA. Codification of Statements on Standards for Attestation Engagements. Durham, NC: AICPA,
               2019.
              AICPA. Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’
               Internal Control Over Financial Reporting (SOC 1®) Guide. Durham, NC: AICPA, 2017.
              AICPA. SOC 2® Reporting on an Examination of Controls at a Service Organization Relevant to Security,
               Availability, Processing Integrity, Confidentiality, or Privacy Guide. Durham, NC: AICPA, 2018.
              AICPA. Reporting on an Entity’s Cybersecurity Risk Management Program and Controls: Attestation
               Guide. Durham, NC, 2017.








            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-57