The purpose of this book is to help understand how information systems affect risks, what controls should be implemented to mitigate risks and how controls can be tested and assessed to provide assurance to management, customers and auditors. This book discusses assurance from the perspectives of management and auditors. Many chapters of this book provide guidelines to auditors in identifying and testing internal controls. This book is a comprehensive guide to preparing for the Certified Information Systems Auditor examination.