Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Information
Technology
Auditing
Chapter 15
Chapter 15:
Information Technology Auditing
Introduction
The Audit Function
The Information Technology Auditors Toolkit
Auditing Computerized Accounting Information Systems
Information Technology Auditing Today
2
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Introduction
Audits of AISs
Ensure controls are functioning properly
Confirm additional controls not necessary
Nature of Auditing
Internal and external auditing
IT Audit and financial audit
Tools of an IT auditor
3
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
4
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Internal Auditing
Responsibility of Performance
Companys own employees
External of the department being audited
Evaluation of:
Employee compliance with policies and procedures
Effectiveness of operations
Compliance with external laws and regulations
Reliability of financial reports
Internal controls
5
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
External Auditing
Responsibility of Performance
Those outside the organization
Accountants working for independent CPA
Audit Purpose
Performance of the attest function
Evaluate the accuracy and fairness of the financial statements
relative to GAAP
6
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
7
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
8
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
The Components
of an IT Audit
9
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
10
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
11
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
12
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
14
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
15
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Collecting Evidence
16
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Collecting Evidence
Evaluating Evidence
17
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Collecting Evidence
Evaluating Evidence
Communicating Audit
Results
18
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Collecting Evidence
Evaluating Evidence
Communicating Audit
Results
Audit planning
Purpose: Determine why, how, when, and by
whom the audit will be performed.
The first step in audit planning is to establish
the scope and objectives of the audit.
An audit team with the necessary experience
and expertise is formed.
Team members become familiar with the
auditee by:
19
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
20
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
21
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
23
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Collecting Evidence
Collection of audit
evidence
Much audit effort is spent
collecting evidence.
Evaluating Evidence
Communicating Audit
Results
24
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
25
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
26
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
27
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Observation
Review of documentation
Discussions
Physical examination
Examine quantity and/or condition of tangible
assets, such as equipment, inventory, or cash.
28
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Observation
Review of documentation
Discussions
Physical examination
Confirmation
Communicate with third parties to check the
accuracy of information such as customer account
balances.
29
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Observation
Review of documentation
Discussions
Physical examination
Confirmation
Re-performance
Repeat a calculation to verify quantitative
information on records and reports.
30
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Observation
Review of documentation
Discussions
Physical examination
Examine supporting documents to ensure the
Confirmation
validity of the transaction.
Re-performance
Vouching
31
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Observation
Examine relationships and trends among information
Review of
documentation
items to detect those that deserve further
Discussions
investigation.
Physical examination
Example: If the inventory turnover ratio has
Confirmation
plummeted, its time to investigate why the change
Re-performance
has occurred.
Vouching
Analytical review
32
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
33
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Observation
Review of documentation
Discussions
Re-performance
Physical examination
Confirmation
Vouching
Analytical review
Re-performance
34
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Collecting Evidence
Evaluating Evidence
Communicating Audit
Results
35
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Reasonable
assurance is somewhat of a
THE NATURE
OF
AUDITING
cost-benefit notion.
Planning
Collecting Evidence
Evaluating Evidence
Communicating Audit
Results
36
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
37
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Collecting Evidence
Evaluating Evidence
Communicating Audit
Results
39
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
40
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
THE NATURE
OF AUDITING
Perform a systems review to determine if necessary
samples
of system
inputs and outputs
by preventingChecking
or detecting
such errors
and irregularities.
Tracing transactions through the system
Evaluate the
control procedures.
41
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
42
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
43
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Careers in IT Auditing
Background
Accounting skills
Information systems or computer science skills
INFORMATION SYSTEMS
AUDITS
45
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
INFORMATION SYSTEMS
AUDITS
46
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
47
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
48
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 1: OVERALL
SECURITY
49
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 1: OVERALL
SECURITY
50
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 1: OVERALL
SECURITY
51
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 1: OVERALL
SECURITY
OBJECTIVE 1: OVERALL
SECURITY
Compensating controls
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
54
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
55
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 2: PROGRAM
DEVELOPMENT AND ACQUISITION
Types of errors and fraud:
Two things can go wrong in program development:
Inadvertent errors due to careless programming or
misunderstanding specifications; or
Deliberate insertion of unauthorized instructions into
the programs.
56
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 2: PROGRAM
DEVELOPMENT AND ACQUISITION
Control procedures:
The preceding problems can be controlled by requiring:
Management and user authorization and approval
Thorough testing
Proper documentation
57
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 2: PROGRAM
DEVELOPMENT AND ACQUISITION
Audit procedures: Systems review
The auditors role in systems development should be
limited to an independent review of system development
activities.
To maintain necessary objectivity for performing an independent
evaluation, the auditor should not be involved in system
development.
During the systems review, the auditor should gain an
understanding of development procedures by discussing them with
management, users, and IS personnel.
Should also review policies, procedures, standards, and
documentation for systems and programs.
58
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 2: PROGRAM
DEVELOPMENT AND ACQUISITION
Audit procedures: Tests of controls
To test systems development controls, auditors should:
OBJECTIVE 2: PROGRAM
DEVELOPMENT AND ACQUISITION
Compensating controls
Strong processing controls can sometimes compensate for
inadequate development controls.
If auditors rely on compensatory processing controls,
they should obtain persuasive evidence of compliance.
Use techniques such as independent processing of
test data to do so.
If this type of evidence cant be obtained, they may
have to conclude there is a material weakness in internal
control.
60
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
61
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
62
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
Types of errors and fraud
Same that can occur during program development:
Inadvertent programming errors
Unauthorized programming code
63
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
Control procedures
When a program change is submitted for approval, a list of all required
updates should be compiled by management and program users.
Changes should be thoroughly tested and documented.
During the change process, the developmental version of the program
must be kept separate from the production version.
When the amended program has received final approval, it should
replace the production version.
Changes should be implemented by personnel independent of users or
programmers.
Logical access controls should be employed at all times.
64
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
Audit procedures: System review
During systems review, auditors should:
Gain an understanding of the change process by discussing it with
management and user personnel.
Examine the policies, procedures, and standards for approving,
modifying, testing, and documenting the changes.
Review a complete set of final documentation materials for recent
program changes, including test procedures and results.
Review the procedures used to restrict logical access to the
developmental version of the program.
65
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
Audit procedures: Tests of controls
An important part of these tests is to verify that program changes were
identified, listed, approved, tested, and documented.
Requires that the auditor observe how changes are implemented to
verify that:
Separate development and production programs are maintained;
and
Changes are implemented by someone independent of the user and
programming functions.
The auditor should review the development programs access control
table to verify that only those users assigned to carry out modification
had access to the system.
66
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
To test for unauthorized program changes, auditors can use
a source code comparison program to compare the current
version of the program with the original source code.
Any unauthorized differences should result in an
investigation.
If the difference represents an authorized change, the
auditor can refer to the program change specifications to
ensure that the changes were authorized and correctly
incorporated.
67
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
Two additional techniques detect unauthorized program
changes:
Reprocessing
On a surprise basis, the auditor uses a verified copy of
the source code to reprocess data and compare that
output with the companys data.
Discrepancies are investigated.
Parallel simulation
Similar to reprocessing except that the auditor writes his
own program instead of using verified source code.
Can be used to test a program during the
implementation process.
68
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
Auditors should observe testing and implementation,
review related authorizations, and, if necessary, perform
independent tests for each major program change.
If this step is skipped and program change controls are
subsequently deemed inadequate, it may not be possible to
rely on program outputs.
Auditors should always test programs on a surprise basis to
protect against unauthorized changes being inserted after
the examination is completed and then removed prior to
scheduled audits.
69
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 3: PROGRAM
MODIFICATION
Compensating controls
If internal controls over program changes are deficient,
compensation controls are:
Source code comparison;
Reprocessing; and/or
Parallel simulation.
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
71
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Source
Data
Data
Entry
Objective 2:
Program Development
and Acquisition
Programs
Source
Data
Processing
Files
Output
Objective 3:
Program Modification
Objective 6:
Data Files
72
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
Types of errors and fraud
During computer processing, the system may:
Fail to detect erroneous input.
Improperly correct input errors.
Process erroneous input.
Improperly distribute or disclose output.
73
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
Control procedures
74
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
Audit procedures: Systems review
Review administrative documentation for processing
control standards.
Review systems documentation for data editing and other
processing controls.
Review operating documentation for completeness and
clarity.
Review copies of error listings, batch total reports, and file
change lists.
Observe computer operations and data control functions.
Discuss processing and output controls with operations and
IS supervisory personnel.
75
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
Audit procedures: Tests of controls
Evaluate adequacy of processing control standards and procedures.
Evaluate adequacy and completeness of data editing controls.
Verify adherence to processing control procedures by observing
computer operations and the data control function.
Verify that selected application system output is properly distributed.
Reconcile a sample of batch totals, and follow up on discrepancies.
Trace disposition of a sample of errors flagged by data edit routines to
ensure proper handling.
Verify processing accuracy for a sample of sensitive transactions.
76
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
Verify processing accuracy for selected computer-generated
transactions.
Search for erroneous or unauthorized code via analysis of program
logic.
Check accuracy and completeness of processing controls using test
data.
Monitor online processing systems using concurrent audit techniques.
Recreate selected reports to test for accuracy and completeness.
77
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
Compensating controls
Auditors must periodically re-evaluate processing controls
to ensure their continued reliability.
If controls are unsatisfactory, user and source data
controls may be strong enough to compensate.
If not, a material weakness exists and steps should be
taken to eliminate the control deficiencies.
78
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
The purpose of the preceding audit procedures is to gain an
understanding of the controls, evaluate their adequacy, and
observe operations for evidence that the controls are in use.
Several specialized techniques allow the auditor to use the
computer to test processing controls:
Processing test data.
Using concurrent audit techniques.
Analyzing program logic.
OBJECTIVE 4: COMPUTER
PROCESSING
The purpose of the preceding audit procedures is to gain an
understanding of the controls, evaluate their adequacy, and
observe operations for evidence that the controls are in use.
Several specialized techniques allow the auditor to use the
computer to test processing controls:
Processing test data.
Using concurrent audit techniques.
Analyzing program logic.
OBJECTIVE 4: COMPUTER
PROCESSING
Processing test data
Involves testing a program by processing a hypothetical
series of valid and invalid transactions.
The program should:
Process all the valid transactions correctly.
Identify and reject the invalid ones.
OBJECTIVE 4: COMPUTER
PROCESSING
The following resources are helpful when preparing
test data:
A listing of actual transactions.
The transactions that the programmer used to test the
program.
A test data generator program, which automatically
prepares test data based on program specifications.
82
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
In a batch processing system, the companys program and a
copy of relevant files are used to process the test data.
Results are compared with the predetermined correct output.
Discrepancies indicate processing errors or control deficiencies that
should be investigated.
83
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 4: COMPUTER
PROCESSING
Although processing test transactions is usually
effective, it has the following disadvantages:
The auditor must spend considerable time understanding
the system and preparing an adequate set of test
transactions.
Care must be taken to ensure test data do not affect the
companys files and databases.
The auditor can reverse the effects of the test transactions or
process them in a separate run, using a copy of the file or database.
OBJECTIVE 4: COMPUTER
PROCESSING
The purpose of the preceding audit procedures is to gain an
understanding of the controls, evaluate their adequacy, and
observe operations for evidence that the controls are in use.
Several specialized techniques allow the auditor to use the
computer to test processing controls:
Processing test data.
Using concurrent audit techniques.
Analyzing program logic.
OBJECTIVE 4: COMPUTER
PROCESSING
Concurrent audit techniques
Millions of dollars of transactions can be processed in an
online system without leaving a satisfactory audit trail.
In such cases, evidence gathered after data processing is
insufficient for audit purposes.
Also, because many online systems process transactions
continuously, it is difficult or impossible to stop the system
to perform audit tests.
Consequently, auditors use concurrent audit techniques to
continually monitor the system and collect audit evidence
while live data are processed during regular operating
hours.
86
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 5: SOURCE
DATA
Types of errors and fraud
Inaccurate source data
Unauthorized source data
87
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 5: SOURCE
DATA
Control procedures
88
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 5: SOURCE
DATA
Audit procedures: System review
89
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
OBJECTIVE 5: SOURCE
DATA
Audit procedures: Tests of controls
OBJECTIVE 5: SOURCE
DATA
Compensating controls
91
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
92
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Careers in IT Auditing
Certified Information Security Manager (CISM)
Business orientation
Understand risk management and security
CISM Knowledge
94
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Risk Assessment
Risk-Based Audit Approach
Determine the threats
Identify the control procedures needed
Evaluate the current control procedures
Evaluate the weaknesses within the AIS
Benefits
Understanding of errors and irregularities
Sound basis for recommendations
95
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Information Systems
Risk Assessment
Method of evaluating desirability of IT controls
Types of Risks
Errors and accidents
Loss of company secrets
Unauthorized manipulation of company files
Interrupted computer access
Penetration Testing
96
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Study Break #1
An IT auditor:
A. Must be an external auditor
B. Must be an internal auditor
C. Can be either an internal or external auditor
D. Must be a Certified Public Accountant
97
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Study Break #2
In determining the scope of an IT audit, the auditor should pay
most attention to:
A. Threats and risks
B. The cost of the audit
C. What the IT manager asks to be evaluated
D. Listings of standard control procedures
98
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
99
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
General-Use Software
Productivity tools that improve the auditors work
Types
Word processing programs
Spreadsheet software
Database management systems (DBMS)
Structured Query Language (SQL)
100
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
101
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Generalized Audit
Software - Inventory
102
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Automated Workpapers
Overview
Automate and standardize audit tests
Can prepare financial statements and other financial measures
Features
People Skills
Examples
Working as a team
Interact with clients and other auditors
Interviewing clients
Importance of Interviews
Gain understanding of organization
Evaluate internal controls
104
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
105
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
106
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
107
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
108
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
109
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
110
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
111
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
112
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Password Parameters
113
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Validating Users
and Access Privileges
Purpose
Ensure all system users are valid
Appropriate access privileges
Utilize Software Tools
Examine login times
Exception conditions
Irregularities
114
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Continuous Auditing
Embedded Audit Modules (Audit Hooks)
Capture data for audit purposes
Exception Reporting
Transactions falling outside given parameters are rejected
Transaction Tagging
Certain transactions tagged and progress recorded
115
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Continuous Auditing
Snapshot Technique
Examines how transactions are processed
Continuous and Intermittent Simulation (CIS)
Embeds audit module in a database management system
(DBMS)
Similar to parallel simulation
116
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
117
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Study Break #3
Which of the following is NOT an audit technique for auditing
computerized AIS?
A. Parallel simulation
B. Use of specialized control software
C. Continuous auditing
D. All of the above are techniques used to audit computerized
AIS
118
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
Study Break #4
Continuous auditing:
A. Has been talked about for years but will never catch on
B. Will likely become popular if organizations adopt XBRL in
their financial reporting
C. Does not include techniques such as embedded audit
modules
D. Will never allow IT auditors to provide some types of
assurance on a real-time basis
119
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
IT Governance
Overview
Process of using IT resources effectively
Efficient, responsible, strategic use of IT
Objectives
Using IT strategically to fulfill mission of organization
Ensure effective management of IT
120
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
IT Auditing Today
The Sarbanes-Oxley Act of 2002
Auditing Standard No. 5 (AS5)
Third Party and Information Systems Reliability Assurances
121
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
123
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
124
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
125
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
126
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
127
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.
128
Copyright 2015. John Wiley & Sons, Inc. All rights reserved.