IT Audit School

IT Audit
IT Audit School Overview
Clock icon0h 1m
[MUSIC] Hello, and welcome to IT Audit School. I'm Dr. Hernan Murdock, and I'll be your host. With me, will be Jason Claycomb. Jason, introduce yourself. Hey Hernan, I'm happy to be here. My name is Jason Claycomb. I am an IT governance and cybersecurity professional. I've been working in the space for over 30 years. Started out doing internal IT audits. And now still do audits, but also work as a Chief Security Officer for some organizations. So I got both the internal company perspective, and looking at organizations from the outside. And I'm really excited to participate in all these episodes for the IT Audit School. Great to have you with me here as we talk about a variety of topics including business and support systems, ICT infrastructure, everything from workstations to servers to cloud computing. We will also spend time talking about data and information security, risk assessment, risk management and relevant controls. Business continuity and disaster recovery, and how to prepare audit plans and audit programs. There's a lot we're going to cover. I hope you join us. [MUSIC]

Overview

This course is for Financial, Operational, Business, and new IT Auditors and provides an in-depth review of the risks and controls of auditing IT and business application systems. Participants will learn about the database, network, business application, transaction risks and controls, end-user computing, assessing control ownership, and how to document and test inputs, processes, outputs, master files, and interfaces.

Why you should take this course.

For users who are new to internal auditing, or would like to learn more about it.

Here are the learning objectives we'll cover.

  • Learners will be able to describe what a technical term refers to and understand its place in an organization.
  • Learners will be able to identify risks associated with the use of technology by their organization.
  • Learners will be able to describe categories of controls that may be in place to protect systems.
  • Learners will be able to break down the control environment based on internal policies and standard frameworks to determine if the organization complies with policies and aligns with frameworks.

Here are the topics we'll cover.

  1. How is IT used in Companies?

    • Business systems
    • Support systems
    • Infrastructure
    • Marketing and sales

  2. IT Risks

    • Risk overview
    • Confidentiality, integrity, availability (CIA)
    • Managing risk

  3. Basics of IT

    • Computing devices and operating systems
    • Significant computer types
    • Client/server technology
    • Middleware/APIs
    • Virtualization
    • Programs and programming overview

  4. Networks

    • Overview
    • Network devices
    • Network protocols, ports, and services
    • Firewalls
    • Network monitoring (IDS/IPS/SIEM)-
    • Cloud – characteristics
    • Cloud – service models
    • Cloud – audit considerations

  5. Internet of Things (IoT)

    • Definitions
    • Usage and control overview

  6. Databases

    • Database types
    • Database terminology/definitions
    • SQL
    • Database audit concepts

  7. IT General Controls (ITGCs)

    • IT general controls introduction
    • Logical security – authentication
    • Administration and awareness
    • Encryption overview
    • System development lifecycle (SDLC)
    • Change management
    • SDLC/System Development Methodology (SDM) audits
    • IT operations
    • Vulnerability scanning and penetration testing
    • Physical and environmental controls
    • Business continuity planning
    • Disaster recovery planning
    • Mobile device management (MDM)/Bring Your Own Device (BYOD)
    • End-user computing

  8. Frameworks and Laws

    • Security and audit frameworks – Part 1
    • Security and audit frameworks – Part 2

  9. Governance

    • Business and IT strategy
    • IT and security strategy
    • IT risk assessment
    • Risk register and acceptance
    • Vendor management

  10. Applications

    • Application control objectives
    • Business transaction processing
    • Business support and IoT applications

  11. Audit Planning

    • Audit risk assessment
    • IT audit scoping
    • IT general controls
    • Technical audits
    • Application/integrated audits

Learning Style

On Demand

Level

Entry Level

Includes

Assessment

Who this course is for

Entry-level IT Auditors and Technologists looking for a foundational understanding of IT auditing.

NASBA Certified CPE

32 credits

Field of Study

Auditing

Length of course

32h

Prerequisites

None

Advanced Preparation

None
Start Learning Today
Stay ahead of the curve and future-proof your business with training programs designed for you.
Purchase a PlanContact Sales

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/