IT Audit School
IT Audit
IT Audit School Overview
[MUSIC]
Hello, and welcome to IT Audit School.
I'm Dr. Hernan Murdock,
and I'll be your host.
With me, will be Jason Claycomb.
Jason, introduce yourself.
Hey Hernan, I'm happy to be here.
My name is Jason Claycomb.
I am an IT governance and
cybersecurity professional.
I've been working in the space for
over 30 years.
Started out doing internal IT audits.
And now still do audits, but
also work as a Chief Security Officer for
some organizations.
So I got both the internal
company perspective, and
looking at organizations from the outside.
And I'm really excited to participate
in all these episodes for
the IT Audit School.
Great to have you with me here as we
talk about a variety of topics including
business and support systems,
ICT infrastructure,
everything from workstations
to servers to cloud computing.
We will also spend time talking
about data and information security,
risk assessment, risk management and
relevant controls.
Business continuity and disaster recovery,
and how to prepare audit plans and
audit programs.
There's a lot we're going to cover.
I hope you join us.
[MUSIC]
Overview
This course is for Financial, Operational, Business, and new IT Auditors and provides an in-depth review of the risks and controls of auditing IT and business application systems. Participants will learn about the database, network, business application, transaction risks and controls, end-user computing, assessing control ownership, and how to document and test inputs, processes, outputs, master files, and interfaces.
Why you should take this course.
For users who are new to internal auditing, or would like to learn more about it.
Here are the learning objectives we'll cover.
- Learners will be able to describe what a technical term refers to and understand its place in an organization.
- Learners will be able to identify risks associated with the use of technology by their organization.
- Learners will be able to describe categories of controls that may be in place to protect systems.
- Learners will be able to break down the control environment based on internal policies and standard frameworks to determine if the organization complies with policies and aligns with frameworks.
Here are the topics we'll cover.
-
How is IT used in Companies?
- Business systems
- Support systems
- Infrastructure
- Marketing and sales
-
IT Risks
- Risk overview
- Confidentiality, integrity, availability (CIA)
- Managing risk
-
Basics of IT
- Computing devices and operating systems
- Significant computer types
- Client/server technology
- Middleware/APIs
- Virtualization
- Programs and programming overview
-
Networks
- Overview
- Network devices
- Network protocols, ports, and services
- Firewalls
- Network monitoring (IDS/IPS/SIEM)-
- Cloud – characteristics
- Cloud – service models
- Cloud – audit considerations
-
Internet of Things (IoT)
- Definitions
- Usage and control overview
-
Databases
- Database types
- Database terminology/definitions
- SQL
- Database audit concepts
-
IT General Controls (ITGCs)
- IT general controls introduction
- Logical security – authentication
- Administration and awareness
- Encryption overview
- System development lifecycle (SDLC)
- Change management
- SDLC/System Development Methodology (SDM) audits
- IT operations
- Vulnerability scanning and penetration testing
- Physical and environmental controls
- Business continuity planning
- Disaster recovery planning
- Mobile device management (MDM)/Bring Your Own Device (BYOD)
- End-user computing
-
Frameworks and Laws
- Security and audit frameworks – Part 1
- Security and audit frameworks – Part 2
-
Governance
- Business and IT strategy
- IT and security strategy
- IT risk assessment
- Risk register and acceptance
- Vendor management
-
Applications
- Application control objectives
- Business transaction processing
- Business support and IoT applications
-
Audit Planning
- Audit risk assessment
- IT audit scoping
- IT general controls
- Technical audits
- Application/integrated audits
Learning Style
On Demand
Level
Entry Level
Includes
Assessment
Who this course is for
Entry-level IT Auditors and Technologists looking for a foundational understanding of IT auditing.
NASBA Certified CPE
32 credits
Field of Study
Auditing
Length of course
32h
Prerequisites
None
Advanced Preparation
None
Start Learning Today
Stay ahead of the curve and future-proof your business with training programs designed for you.
Purchase a PlanContact SalesACI Learning is registered with NASBA
ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/